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1. ABSTRACT 


The Space Station Verification and Training Facility (SSVTF) is using an object-oriented design (OOD) meth- 
odology for software design, a rate monotonic scheduling (RMS) and message passing system called "Simu- 
lation Virtual Machine” (SVM) to support the highly distributed execution environment, and the Ada language 
to implement most of the software. This architecture document specifies how the Ada language will be used, 
in general, to support SVM and implement OOD. It will define the Ada structure of "classes”, "class instances”, 
"algorithm packages”, "partitions”, and many other architectural elements of the system. It will give guidance 
on ways to decompose requirements into the various Ada structural elements. It will show how communica- 
tion is implemented between objects at different levels of the software design (class instances, partitions). 
It will also specify how the simulation will model the required real-world space station communication and 
simulation requirements for specific types of interfaces (i.e., 1 553, discretes, interfaces to real and simulation 
hardware). 

This document does not detail the specific design of various models in the simulation - it simply (importantly) 
defines the infrastructure which all the simulation models are built from. Adhering to the concepts and tem- 
plates in this document will support a consistent architecture across the program assuring that Ada features 
are used logically and within reason. This architectural specification will support the development of a quality 
product through consistent design, early analysis and documentation of the "big picture" requirements. It will 
also be the common location to document general architectural issues and solutions. 


This document can be viewed as a software developer’s users guide. The following describes the basic steps 
in implementing the real-time Ada architecture. Several steps should be done concurrently (1 ..3, 5.. 7). These 
steps represent the general flow to implement the architecture - not a cookbook. Iterative and vertical slice 
development are highly encouraged. 

1 . Identify solution-space objects and classes via OORA and iterative development. 

2. Determine how the class instances will be grouped (composition, inheritance, ASM, partition). Define the 
rate that the partitions will execute. 

3. Identify all external interfaces (input and output) to the partitions. 

4. Start implementing classes by copying the templete provided in Appendix I and filling in model-specific 
details (attributes, names, routines). Class structures do not have to follow the template exactly, but the se- 
mantic structure defined by the templates should be maintained. 

5. Start implementing partitions by copying the template provided in Appendix I. Supply mode routines for 
the generic model and message variables for the messaging system. 

6. Create interface definition packages owned by the partition. Find / coordinate other partition's interface 
definitions. 

7. Create a "nominal” partition that drives default messages and executes at the required rate. No model 
code executes in a nominal partition, only the partition shell. Time burners and memory allocators should be 
defined. This shell will be used by others for unit testing and load analysis. More information and an example 
of a nominal partition will be provided in future documentation. 

8. Develop DIS packages as required. Identify terms for datastore, safestore, IOS look, IOS enter, and IOS 
malfunctions. Add partition code to register DIS terms. 

9. Refine ”Process_Mailbox" procedure to handle DIS input terms (in partition body). Note option to process 
or "stuff” variables. 

10. Refine mode routines, interfaces, and other partition / class structures as the design proceeds. 

What is provided to developers: 

1. Real-time interface packages shown in Appendix II. Developers use these packages to communicate 
across partitions (Messaging), to execute partitions in real-time (Generic_Model), and to communicate with 
the IOS and perform datastores (DIS). 

2. Class and Partition templates shown in Appendix I. Developers may make a copy of the templates to get 
a head-start in the implementation. 
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2. DEFINITION OF TERMS 

Abstract Date Tvoe/ADT): Normal implementation of a class. The class exports visible operations in a 
limited private data type representing the class state in the specification of the package. The body 
of the class contains the operations. Classes never define variables outside the private type struc- 
ture (no global data). 

Abstract Slate Machine(ASM): Non-standard implementation of an object, sometimes using generics. 
Also used to describe partitions and Operational Components. An ASM is an Ada package that 
exports operations in the specification and defines state in the body. 

Ada Maim A standalone procedure that WITHs all partitions that make up a single executable for a single 
cpu. The Ada main will not perform any processing or sequencing - this is done by the thread 
executive portion of SVM. The Ada main is only used to bind together a set (any set) of models so 
that they may be executed. 

Al gorithm Package: An Ada package that exports functions/procedures that perform simple operations 
(like transcendental functions). No state data is allowed in this package - all data referenced are 
formal parameters in the exported routines. 

Aperiodic: An execution method (form of a thread executive) defined by the SVM "Ger ic_Moder pack- 
age that allows aperiodic updates within an RMS base rate. The updates can bt ggered by inter- 
nets or other events, and a predetermined max number of events can be handle within the RMS 
period. All processing must complete within the period time boundaries. 

Asset: Any computer node or device on the RTSN such as IOS, SNS, and CSIOP. 

Batch: A transaction model that runs in background without any urgency in completion time. 

C-Spec: Class Specification. Used in final phases of Object-Oriented Requirements Analysis. This doc- 
ument represents a minimal specification of the requirements in an object-oriented fashion. 

C/ass: ‘A set of objects that sha re a common structure a nd a common be ha vior. The terms class and 
typo are usually (but not always) interchangeable." [Booch 91 ] Classes are modeled as Ada ab- 
stract data type packages. 

Composition: The creation of a new class by constructing it from other classes. 

Data store: A set of independent data items that is collected on demand and can be returned to models 
as an initialization point. 

DIB i Distributed. Identifier Specification): A method and set of Ada package? 'd structures that 

associate logical names to physical variables for datastore, safestore. 3 look and enter, and mal- 
function data. DIS is also used to uniquely identify partitions and partition messages. 

Denerin Model: An SVM Ada package that provides the real-time execution capability for a partition. 
Partitions instantiate either a "Periodic" or “Aperiodic" thread executive from the Generic_Model 
package to enable real-time execution. 

DP LAN: A general-purpose local area network for file download and non-time critical network opera- 
tions between the OSS, IOS, and session computers. 

InharilaPCS L The ability to extend the structure of a class, and possibly it's operations, to create a more 
specialized component. It differs from composition because inheritance always results in a more 
specialized version of it’s parent class, whereas composition provides a more generalized abstrac- 
tion. 

Instance: "Something you can do things to. An instance has state, behavior, and identity. The structure 
and behavior of similar instances are defined in their common dass . The terms instance and object 
are interchangeable.” [Booch 91] An Instance is the object created from an ADT class package. 

Interface AgsriL A partition that provides simulation or pass-thru for an asset. Asset add/drop and asset 
management are also supported. 

Interface Defn: A "type" package that contains the definitions of messages output by a partition. It con- 
tains no executable code. Use of this package enforces type checking and interface control be- 
tween partitions. 
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Mailbox Message A form of command and control, non-real-world interface message transmission on 
the software backplane. This form is used primarily by the IOS. Mailbox messages are free-form, 
non-typed binary messages (unpacker must understand algorithm of packer). 

Manv-to-One Message: A form of message transmission on the software backplane where a partition 
defines the message structure for a message that it will receive from other partitions (in its interface 
definition package). Many other partitions use the message definition to send message to the 
single partition. Messages are queued. This is a special case messaging method to support parti- 
tions who receive many identical messages from different senders. 

Message Package: A SVM Ada package that is the interface to the software backplane for a modeler’s 

partition. It provides services to register and attach input/output messages, and it provides put / get 
operations for partitions. 

Mode/: A general term to describe a simulation software model such as propulsion, orbiter, and inertial 
sensor assembly. Models are codified into 1 or more Ada partitions. 

Moding: Distinct modes which all real-time models operate in. Modes include freeze, run, hold, initialize, 
etc. 

Nominal Partition: a partition shell for an actual model which executes a null procedure and reads / 

sends default messages at the desired rate. A time burner and memory allocator are implemented 
for timing/sizing analysis (activation is optional). No class structures or model-specific code is im- 
plemented. Basically, it is a shell that includes all the SVM hooks that are specific to the actual 
model. It is also used for by other modelers to provide active stubs of external partitions for unit 
testing. 

Node: A single computer assembly containing several cpus connected through shared memory and a 
system bus. 

Object: See instance . 

Object-Oriented Design: The design process whereby the software architecture is organized around 
meaningful objects, rather than functions. 

nne-to-Manv Message: A form of message transmission where a partition sends a message and any 
number of partitions may receive the message. This is the primary method of sending messages 
on SSVTF. 

Operational Component: Largest unit of documentation in the O-Spec. The approximate real-time 
equivalent of the Operational Component is the Partition . 

O-Spec: Abbreviation for "Object Specification". This is the document that describes a Cl in terms of an 
object oriented perspective. 

Padition: A self-contained code unit encompassing a single thread executive. It is an ASM that exports 
nothing in the package specification. It internally holds instances of classes and iterates them cor- 
rectly. Internally, it uses Ada parameters to pass data between class Instances. Externally, parti- 
tions use an SVM message scheme to communicate. Documented as an Op era tio na l Component 
Note that 1 or more partitions may represent a single documented operational component and 
vise-versa. The general code size of an Partition will be from 5 to 20KSLOC. 

Periodic: An execution method (form of a thread executive) defined by the SVM "Generic_Model" pack- 
age that provides periodic updates at a specified hertz rate. All processing must complete within 
the period time boundaries. 

Rate-Monotonic Scheduling. (BMSti A non-frame-based scheduling approach where models execute at 
a periodic rate for a specified worst case time. Each model runs independently - RMS algorithms 
assure models will meet their iteration rates. 

Beal Dme Model: An application model that simulates a real-world structure, assembly, or function and 
iterates over a pre-defined time interval at a specified rate. The model's effects appear to be run- 
ning "in normal human-perceivable time" - not faster than normal, not batch. Real-time also in- 
cludes potentially fast processing to simulate missing hardware boxes - other real hardware would 
not know the difference. 
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RT LAN (RTSN): A real-time local area network (FDDI) for high-speed network communication between 
assets for a training session. 

Safes tom: A set of time-dependent data sent by models and captured during RUN at specified intervals. 

The data is used to recover to the safestore time if required. 

Selector: A function in a class ADT that returns an attribute value (state variable) of the class. 

Session: The main computer(s) and simulation program that run the simulation. The IOS, SNS, OSS, 
and CSIOP computers are not part of the session computers. 

Simulation Virtual Machine. fSVM): The SSVTF executive structure that provides an RMS-based execu- 
tive and a messaging system for the distributed operating environment 

Software Backplane: A term used to describe all the SVM software components that are involved in the 

transmission of messages between partitions, cpus, nodes, and assets. It is a passive structure 
that "wires together” the partitions and provides communication capabilities. The backplane pro- 
vides several message transmission methods (1-to-many, many-to-1 , mailbox) and time-consis- 
tent data transfer for the entire SSVTF. 

Simulation st ate: The state of the simulation (not mode). There are 3 states pre-session, active, post- 
session in these states, nodes are: 

pre-session - loaded, connected, waiting for something to do (asset) 
session active - part of session (asset) 

post-session - disconnected from session (asset) 

A nucleus is a training session with at least the RTSC with an IOS and optional Data Management 
System (DMS) string. 

Slats: Any persistent data defined by a class or partition. State is defined by a class’s private type and 
exists in the instance of the class. State may also exist in the partition’s body. Messages between 
instances or partitions are reflections of the state, not the state itself (no global data). State is modi- - 

fied by normal iteration of the model or by "request state change” calls to modify state (such as in- 
sertion of malfunctions). 

Thread Executive: A SVM component that gets created when a partition Instantiates the "Generic_Model” 
packages. This component sequences the partition's mode routines at the appropriate time. It is 
the threa- of control of a partition. There should be only one created per partition. 

Transaction Ml aL Non-periodic, event driven processing that spans indeterminate time spans. The 
model may need to run quickly to emulate real-time data streams, but it is not periodic. 

Vertical Slice: A code implementation where a developer implements a narrow design slice from top 
(partition / interfaces) to bottom (class structures / instances) to prove out the design concept 
(structure, timing, overhead, algorithm organization / implementation, etc.) 


W 
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3. OVERALL ARCHITECTURE 

The SSVTF Ada software architecture must support a general distributed hardware environment. Figure 3-1 
shows the general SSVTF hardware architecture with two session computers and the various non-session 
assets connected via the RT LAN (the CSIOPs, lOSs, Visual, etc) and the nodes on the GPLAN (OSS, IOS). 
Also shown are the multiple cpus per node and multiple nodes per session computer system. Cpus communi- 
cate in local memory, nodes communicate via reflective memory, and other assets communicate on the RT 
LAN. 



Figure 3-1 


Each SSVTF software model is decomposed in an object-oriented fashion based on real-world structures 
and assemblies. Object-oriented means that data and the data’s associated operations are grouped into 
’’ class " structures. A class structure encapsulates the hidden portion of the object’s attributes and operations 
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and exports the data type that abstractly represents the object and the valid operations. The class structure 
on SSVTF is implemented as an Ada abstract data type (ADT) in the form shown in Appendix 1, 7.1 . An "ob- 
ject" is created when an " instance " of the class abstract type is declared. The class should represent real- 
world "objects” to the greatest extent possible. Classes/objects are initially defined during the Object-Ori- 
ented Requirements Analysis (OORA) phase. 

Class structures may be made up of other classes by declaring instances of lower-level classes in the object- 
attribute record of the higher-level class. If the higher level class represents a less abstract form of the lower- 
level class, then this structure is defined as "inheritance”. If the higher-level class represents an assembly 
where the lower-level classes are sub-parts of the higher level class, then the structure is called a "composi- 
tion". In most cases, composition structures will be used on SSVTF. The depth of the hierarchy of classes 
is dependent on the particular model - one to three levels are common. 

At some point in the hierarchy of classes, something must define instances of the highest-level classes. 
There are three possibilities in Ada - an Ada main program, a task, or an abstract state machine (ASM) pack- 
age. On SSVTF, the top-level Ada architectural decomposition structure for a model will be an abstract state 
machine (ASM) package called a “ partition " (template in Appendix I, 7.3). The partition performs two types 
of functionality - (1 ) defines the state of a model and sequences the model over time; (2) connects the model 
to the real-time distributed system interfaces. 

The state ;f a model partition will be located in the package body of the partition. It will primarily consist of 
instances of classes. Since the partition is an object itself (and an ASM), it may also contain non-class related 
variables defined in the partition body. This data is either temporary” data required for transformations of 
external data into data forms required by the classes, or it is real state data that persists cycle to cycle. In 
general however, class instances should contain the state of the model, not the partition. The partition defines 
the instances and connects and iterates the instances of the class structures. Instances of classes are con- 
nected via procedure calls and parameters. 

The real-time system interfaces include a generic threadexecutive that provides a periodic RMS task to cycle 
the model (partition) at a given rate, a messaging system that allows partitions to communicate in a distributed 
environment, and the Distributed Identifier Specification (PIS) which provides the association of logical 
names to physical data variables for IOS display/manipulation and tor datastore/safestore. 

The real-time system services provide a virtual machine on which models (partitions) execute. These ser- 
vices support a distributed Ada environment. Fig. 3-2 shows the topology of the system with respect to 

models. Each model exfe^ in a self-contained str_ s denoted as the partition. Externally, partitions inter- 

face through the softwa backplane via the package "Message”. The backplane provides the messaging 
capability on the multi-cpu, multi-node distributed system. The backplane also allows the partitions to be 
very decoupled. The interfaces (messages) between partitions are defined by the ”lnterface_Defn" Ada type 
packages shown. These packages contain records defining the format of messages sent between partitions. 
This structure allows the Ada compiler to verify that interfaces have no inconsistencies. The messages are 
therefore defined using normal Ada constructs and then sent as messages via the software backplane to other 
partitions. At the bottom of the figure, the ”DIS" (distributed identifier specification) is used to map logical 
names to physical variables for the purpose of IOS display and datastores. 
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FIGURE 3-2 


KEY: 

Modeler Code: 
Exec. Code: 



The following discussion explains the various parts of a partition. Reference the code templates in Appendix 
I for specific detail on code structures and actual implementation. 

Partition Structure: 

Figure 3-3 shows the various structures related to a partition. The large box labeled "Partition" represents 
an Ada package ASM. In the body of the package (hidden from external view) are the instances of classes 
(objects), local variables, and local subprograms. At the bottom of the page are the "class" packages that 
are used internally by the partition. The code template for class packages is shown in the "Class Template" 
section of this document. On the lower right side of the partition box, the Thread_Exec" is shown. This is 
the SVM distributed executive that is an instantiation of the "periodic" package defined by the "Generic_Mod- 
el” package (see appendix II). The partition supplies the mode routines during the instantiation. The thread 
exec executes the mode routines at the appropriate times. The two "lntfc_Defs" packages at the top are Ada 
type packages that define the messages that are produced by partitions. "External_lntfc_Defs" defines the 
messages of another external partition, and "Partition_lntfc_Defs" defines the messages owned by this parti- 
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tion. By WITHing in interface definition packages, a partition gains the type-checking features of Ada and 
the exact specification of the interface messages. They can be thought of as mini-interface control docu- 
ments between partitions. The interface definition packages contain no executable code - only type struc- 
tures. Inside the partition body, variables are declared using the interface definition package and the ’’Mes- 
sage” package. These variables are used to send and receive messages. The code template for this set of 
modules is located in the ’’Partition Template” section of this document. 

Internal Partition Object Communication: 

Within a partition, normal Ada language constructs are used to attach, iterate, and communicate data be- 
tween class instances. Associations (message passing) between classes are done in a vertical fashion. 
Class structures themselves do not laterally invoke routines of other class structures primarily because the 
instances of the classes are not "known" by the classes themselves. A higher order module must create the 
instance and provide the associations between the instances. The class structure does not "know" or have 
access to instances of other class structures, so a class calling another class’s exported routines is rendered 
impossible by the imposed structure (ref. class template). Note that this does not apply to class compositions 
or inheritance structures. In compositions and inheritance, the instance of a superclass is defined within the 
state definition type of the subclass. A call to the subclass can then update the superclass instance. 

As shown in figure 3-3, instances of class structures are declared in the body of the partition. The partition 
provides the mode routines that iterate the instances of the classes. 
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FIGURE 3-3 

Figure 3-4 shows the local area network, interface agents representing the LAN nodes, and the SVM parts. 
Interface agents simulate LAN nodes when the node is not active or they pass data through from the LAN 
interface to the other models if the nodejs active. They will be discussed later in this document. 
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4. REAL-TIME SERVICES 

The real-time services include the following: 

1 . Moding and Control 

2. RMS-based scheduling (thread executive) 

3. Simulation Clock 

4. Messaging System (1-to-Many, Many-to-i, Mailbox) 

5. Distributed Identifier System (DIS) (for IOS and Datastore/Safestore Variables) 

6. Datastore and Safestore Operations 

7. Device Drivers 

8. Architectural constraints (partition, messaging, DIS, interface agent) 

Executive, moding, the messaging system, DIS, datastore/safestore, and interface agents are discussed 
below. 

4.1. Generic Model (Model Executive Interface) 

In order to execute a model in real-time, the model partition must use the SVM package "Generic_Moden 
to obtain the real-time scheduling services. This package specification is shown in Appendix II, and its use 
is shown in Appendix I under the section "Partition Template”. Figure 4.1-1 illustrates the executive software. 
The Generic_Model contains two generic subpackages "Periodic” and "Aperiodic”. Both are RMS scheduled 
which implies the allocated CPU time for the model is based on the period time and period rate. Partitions 
must run within their max period time otherwise period overruns will occur and simulation will be stopped. 

The rates supported in the "Generic_Model" are described in the "Periodic_Type” and "Aperiodic_Type” 
enumeration values. SVM is not limited to these rates, but the rates being supported are shown here (if other 
rates are needed, they can be added). Note that whole (non-fractional) hertz rates are used since it is desired 
to have a repeating major cycle every 1 or 2 seconds. Fractional hertz rates would complicate mode 
transitions since the entire system must wait until the end of a major period when changing modes. Rates 
supported by SVM are to facilitate modeling the real world or to support interfaces with real world components 
in the simulator, and in following the guidelines of RMS, do not have to be harmonic. When data is shared 
between models executing at different rates that are not harmonic, the data consumed will appear to be 
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produced in irregular and disproportionate intervals. The modeler should be aware of the relationship 
between the producing and consuming partitions when choosing execution rates. 

Instantiation of the "Periodic" package results in a thread executive for the partition that runs the partition's 
mode routines cyclically at the requested period (expressed in hertz). The modeler supplies mode routines 
in the partition body and uses them to instantiate the thread executive package. The mode routines include 
setup, create_data, selfjnit, systemjnit, run, freeze, hold, and terminate. The mode routines are explained 
in section 4.2. The modeler also provides the required rate and the name of the partition during the 

I instantiation. The name is used to identify the partition if problems are detected. An optional parameter is 
available to specify the partition task’s stack size; a larger stack is necessary to correct Storage_Errors for 
memory-intensive computations. The number of DIS terms that are anticipated to be retrieved from the 
partition is specified in the parameter, Max_DIS_Terms. This is used to distribute partition processing across 
execution frames. During execution, the thread executive will call the various mode routines, then process 
requests for retrieving the DIS term values. 

The generic Thread Exec package contains subprograms which can be called to obtain characteristics of the 
instantiated executive software. Two functions, ”Delta_Time" and “Rate_Of_Execution", provide the modeler 
with information concerning the characteristics of the thread exec. "Delta_Time" is exported by the 
instantiated Periodic package and provides time representing the interval time in seconds of the period (1 0 
hz = 0.1 00 seconds in all modes except in freeze when 1 0hz = 0.0). This time should be used when updating 
the model and calculating integration 'constants.' ”Rate_Of_Execution" returns the execution rate; the same 
as the generic parameter supplied at the time of instantiation. This function is to be used when supplying 
information to the software backplane. The function ”A_Full_lcJs_Required" provides information 
concerning the type of system initialization conducted (refer to section 4.2.2). A call to this function is made 
from the self-init procedure. ”Ready_To_Transition” is called by the partition when it completes certain mode 
transitions (refer to sections 4.2.1 through 4.2.4). This signals the master executive that the partition is ready 

I to change mode if commanded. The procedure has an optional parameter that allows the Selfjnit procedure 
to continue cycling when it is set to true. The two functions G_M_T and S_G_M_T return GMT time and SGMT 
time. The time returned is relative to the period of the partition (if the partition runs at 1 0 hz, GMT will tick In 
a 100ms interval). GMT or SGMT should only be used if required - models should use Delta_Time for 
propagating state. 

Instantiation of the "Aperiodic" package results in the creation of a thread executive for the partition that runs 
the partition’s mode routines in a periodic time reference but activated on an event. The generic formal 
parameters are similar to the "Periodic" package with the addition of “Iterations" and "Vector". "Iterations" 
defines the maximum r -.er of times the aperiodic scheduler may run in a given period, and “vector" is the 
method to attach an Ink _r or event to the aperiodic scheduler. This scheduling method is still RMS-based 

which means that a wc; case time per period and period rate are required. Worst case time is computed 
as the period time per aeration times the number of iterations allowed. The partition must honor the RMS 
periodic scheduling time intervals (it cannot run as a transaction model). 

Instantiation of the "Asynchronous" package creates a thread executive for the partitions that are non-rate 
based; these partitions execute in a CPU dedicated to asynchronous activity within an asset. These partitions 
run only when needed, to support the real-time simulation. The generic formal parameters are similar to the 
"Periodic" package with the substitution of "De!ay_Time" for "Rate". "Delay_Time* is the amount of time to 
wait before the partition is allowed to execute again. This scheduling method is not RMS-based; all 
Asynchronous partitions will run at the same priority and execute when CPU time is available. These 
partitions will not execute in synch with the Periodic partitions. Typical partitions of this type include those 
buffering real-time data for collection/display, and those reading or writing to disk. 

Package "Clock” is renamed and USEd in the thread executive so that the partition can have access to all 
the binary operations on Time" in simulation clock without having to WITH Simulation_C!ock in the partition. 
Time retrieved from the Periodic functions for GMT and SGMT will reflect time at the start of the partition's 
period. Aperiodic partition time reflects the start of the last period that has started. No accurate time can be 
guaranteed Asynchronous partitions, so the function is not available. Time is available from a message 
broadcast by SVM on the software backplane (20hz resolution). This time can be used for low-fidelity time 
requirements (since there will be inherent delays from the time the sender generates the time and the receiver 
reads it). 
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4.2. Simulator Moding 

The various software modes that will be used in the SSVTF are described below. Following this discussion 
is a pictorial representation of mode transitions (figure 4.2-1). Note the shaded area of the diagram 
represents modes in which partitions execute in a one-pass manner and overruns are not detected. In these 
modes, partitions will not be called repeatedly by RTSSW software in order to complete their processing. 
Partitions have as much time as needed to complete processing and are therefore not considered executing 
in "realtime". (See section 7.3 for templates of the mode procedures). 

Included at the end of this section is a discussion detailing the various States of the Training Session, and 
the States of an Asset. Figures 4.2.10-1 and 4.2.11-1 pictorially represent these transitions. 



> Supplied by Partition - required for generic Instantiation 

] Supplied by RTSSW 

H Overruns not detected 
J for modes within 


FIGURE 4.2-1 Mod© Transition 
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4.2.1 Simulation Set-Up 

4.2.1. 1 Register I/O / Set-Up 

• Set-Up 

•• Partitions create objects (class instances) as required 

•• Partitions connect addresses to DIS term identifiers and 'prefix' information to 
component identifiers (see section 4.4 for details). 

•• Partitions connect Dis identifiers to symbol name(s) for each term to be 
displayed by IOS by calling Dis.Connect_Term. 

• Register I/O 

•• Required by partitions needing to communicate with other partitions and 
receive mailbox messages 

•• Partitions register or identify their input and output messages with the 
RTSSW communication software. This allows the communication routing 
tables, which ar necessary for the communication to take place, to be set up. 

•• Mailbox creation is also performed in this routine for Partitions requiring 
mailbox communication. 

4.2. 1.2 Create Data 

Create_Data is the second phase of the partition to partition communication set up. 

• Partitions provide the necessary information to the RTSSW communication 
software in order to create their communication (message) buffers. 

I * Partitions must then initialize these buffers (Only One_To_Many output 
messages) by setting all output messages to default values. 

•• This activity sets up the message buffers used by the RTSSW 

communication software in order to pass messages between partitions. 

I « Platform Manager partitions populate and send a registration message to the 
Training Session Manager. 

•• Included in the message is the platform’s worst case transition time for the 
run to freeze and freeze to run transitions. 

4.2.2 Initialization 

There are two forms of initialization, a "full Initial Condition (1C) reset- or a "state adjustment". The full 1C form 
of initialization occurs when an initialization point, return to datastore or return to safestore is requested from 
the IOS. Also, the automatic initialization that occurs following the Start-up phase is considered a full 1C. 
Initialization that occurs following a request to perform a step-ahead is considered the state adjustment form 
of initialization. 

4.2.2.1 Full 1C 

| The purpose of the Full 1C initialization is to allow the simulation to be reset to a new starting point. For 
example, if a return to datastore or new initialization point is requested by the IOS, the simulation transitions 
into a HOLD mode in which the partition's execution is temporarily halted. The following steps are taken in 
ord c i start over. 

• Once Initialization is entered, RTSSW reads the initialization values from disk 
and loads them into the various partition mailboxes. Read Init Data phase is now 
complete. 

• The simulation automatically enters Selfjnit. 
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• Partitions reset their internal state to default values, (predetermined safe starting 
values). 

• Partitions will read their mailboxes and set their internal state to the values 
supplied and/or ramp their models to the desired state. Self— Init is now 
complete. 

4.2.2.2 State Adjustment 

The State Adjustment initialization is used to perform a system Step Ahead. The Environment partition will 
receive a point in time in which to step ahead, while other Paritions receive new values in which to set their 
internal states. The key difference between this initialization and Full 1C is that the internal state is not reset 
to default values . The new internal state values, provided through mailbox messages are simply applied to 
the existing internal state. The following steps are taken to perform a State Adjustment. 

• RTSSW is notified by the IOS to perform a Step Ahead. This causes the 
simulation to transition into the Initialization instructor mode. 

• Because this is a Step Ahead, the Instructor is involved and is responsible for 
providing the Step Ahead time as well as any state change values that may be 
applied to various partitions. 

• The IOS is requested to send all state change data to the various partitions. IOS 
notifies RTSSW when complete. The Step-Ahead/Scripting Data phase is now 
complete. 

• The simulation now enters Selfjnit. 

• Partitions read their mailbox messages and will perform whatever tasks they are 
instructed. Mailbox messages may include information pertaining to the time to 
step-ahead, and/or new state data information. 

•• Partitions needing to perform a step ahead will provide a routine to STEP to 
the new point in time inside their Selfjnit procedure. Step ahead may not be 
completed in a single pass in which case the partition would be responsible 
for controlling it's internal execution until the desired point in time is reached. 

Partitions will execute until completed and are not considered running 
iteratively. 

• Self— Init is now complete. 

4.2.3 Self Initialize 

• A function will be called in the self— init procedure that will identify if this will be an 
1C reset or state adjustment self— initialize. The logic of the Partition’s selfjnit 
procedure must use this to determine how to process the mode request. See 
section 4.2 2 for more information regarding the different initialization types. 

• Partitions may need to read their input data (messages) prior to execution in this 
mode. If so they are doing so at their own risk. This may be old or inconsistent 
data for what they are trying to do in this mode. 

• Full 1C reset - the Partition's internal state is cleared to some predetermined 
starting state. 

•• Partition reads its mailbox for new internal state values and applies them to 
the internal state 

• State Adjustment - a Step Ahead was requested by the IOS 

•• Partitions will extract receive the target step ahead time via the generic 
model ”S_G_M_T* function call 

•• Partitions may also receive some state change information via the mailbox 
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•• Env will advance to the target time and then apply any necessary state 
change information to the internal state 

•• Other partitions may receive only state change information - and will apply it 
to the internal state 

• Self Init will remain a one pass procedure. Partitions that need to iterate will do 
so by executing until complete. Each partition will notify RTSSW when complete 
by calling the Ready_To_Transition procedure. 

4.2.4 System Initialize 

During System Initialize, partitions initialize with each other (both within an asset and between assets in a 
session) via their System Jnit procedures. 

• Partitions use the messaging system in order to pass data to other Partitions 
allowing values to be ramped and achieving a steady state for the simulation. 

• Ready_To_Transition is called by the Partition when it has determined it's internal 
state is steady and at the appropriate values in order to begin the simulation. 

When all Partitions have successfully initialized, the session will automatically transition to freeze mode. Note 
that Systemjnit is an iterative procedure running at the rate of the partition, i.e. delta time is equal to the 
partition's period time. The RTSSW executive software will detect overruns in this mode. 

4.2.5 Freeze 

Freeze mode is an iterative procedure in which RTSSW will detect overruns. 

• RTSSW sets delta time to 0. 

• Class stru ctures sho uld be able to run with a del ta tim e equal to zero or greater. 

• Partitions will execute a procedure that takes the delta time change into account. 

Two methods to accomplish this: 

•• Partitions may use their existing RUN procedure if it is able to take into 
account the reset of delta time. 

•• Partitions must supply a unique FREEZE procedure if special processing 
must be performed due to delta time being set to zero. 

Messages will continue to be sent, received, and responded to by the partitions. Malfunctions will be held 
at the IOS until the Freeze mode is complete. 

4.2.5. 1 Asset Add 

Prior to attempting to add an asset, the asset will have completed the PROGRAM ELABORATION, 
SETUP/REGISTER I/O, and CREATE DATA steps. An asset may be added while the session is in Freeze, 
or Run mode. 

When adding an asset during run mode, one-way communication is established with the asset prior to 
passing data. Data is then passed to the asset so that it can initialize itself with the ongoing simulation. When 
everything is synchronized and it is time to join the asset to the simulation, the communication becomes 
two-way and the interface agent acts as a pass-through for the data transfer. The same basic steps apply 
when adding an asset during freeze mode; however, a system initialization may take place after 
communication is established. After all partitions have completed system initialization and checked in, the 
simulation will automatically transition to freeze mode. Refer to section ( ) for more information regarding 
Interface Agents. 

4.2. 5.2 Asset Drop 

An asset can be dropped in Freeze, Run, or Terminate mode. The interface agentsjire the only Partitions 
with activity in this phase. They will receive the Drop command from the training session mode manager and 
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cease communication with the asset. The interface agent is now responsible for simulating the asset's 
outputs rather than acting as a pass through for the asset. 

4.2.6 Run 

During run, partitions iterate with their period time equal to delta time via their Run procedure. Messages are 
sent and received. Malfunctions and other commands will be entered and processed. Note that Run is an 
iterative procedure. RTSSW will detect overruns. 

4.2.6. 1 Asset Add 
Refer to section 4.2.5. 1 . 

4 .2.6.2 Asset Drop 
Refer to section 4.2.S.2. 

4 .2. 6.3 Safestore 
Refer to section 4.6. 

4.2.7 Hold 

In HOLD mode, partitions are in a suspended state and not executing, therefore overruns are not detected. 
This mode is used to process a Datastore or an Abort request. Hold will also be entered to initiate an 
initialization. Mailboxes will be populated with data for initialization if appropriate, but will not be read until 
Initialization is commanded by the IOS (that is when the Selfjnit procedure is executed). Malfunction 
information and messages will not be passed between partitions during this mode. 

4.2.7. 1 Datastore 

When a datastore is requested, the session transitions from FREEZE to HOLD mode and RTSSW collects 
all datastore terms that have been identified in the DIS. Taking a datastore in this manner ensures that a 
time-homogeneous data set is collected. During Datastore, partitions are in a suspended state (Hold mode) 
and do nothing. Refer to section 4.5 for more information about Datastores. 

4.2.7.2 Abort 

Abort conditions are detected by RTSSW. These are severe conditions that will not allow processing to 
continue. Due to the severity of this condition, the Abort detection must be processed immediately. 
Therefore, this transition is not an orderly one. During other mode transitions, the simulation does not begin 
executing in the new mode until all partitions have completed execution in the current mode. When the Abort 
transition occurs, partitions are commanded to transition to a Hold or suspended state as soon as the 
command is received (i.e., the next time they are released for execution). Partitions may not have completed 
their processing in the current mode when they receive the new mode. The following steps describe the Abort 
sequence: 

• RTSSW detects an unrecoverable error condition and sends an Abort command 
to the Training Manager. 

• Upon receipt, the Training Manager issues the Abort to all assets. The transition 
to Abort (actual transition to HOLD mode, the partition’s are not executing) is 
processed immediately and is not dependent upon the OBCS’s requirements for 
advanced notification of mode transitions. This disorderly shutdown may cause 
the OBCS to be placed in an unstable state. 

• Partitions will each complete their current period’s execution and then transition 
to Hold mode. 

• RTSSW will then receive a command to initialize either through a return to data 
store point or initialization point. However, the error condition may be deemed 



I too severe to attempt a recovery. In this case, RTSSW will receive a commar .: 

transition to terminate. In either case, RTSSW will wait for further instructions 
from the IOS. 

•• RTSSW will read the initialization data and populate the partition's message 
buffers. 

•• Partitions will self initialize. 

•• The system will then Initialize and an automatic transition to freeze will occur. 

4.2.8 Terminate 

During terminate, assets are dropped, partitions complete execution, and the RTSSW executive and 
communication software gracefully ceases execution. Each partition provides a Terminate procedure which 
shall allow for a graceful termination of that partition. Note that Terminate is a one-pass procedure. The 
RTSSW executive software will not detect overruns during terminate. 

4.2.9 Run To Freeze Transition 

• The request to Freeze is issued by tf JS to RTSSW. 

I « Training Session Manager compute? cased on the registered worst case run to 
freeze transition times (See section 4.2.1), the earliest point in time the simulation 
can transition to freeze. 

• Training Session Manager commands the Platform Managers to transition their 

I Mode Controllers in each CPU to Freeze 

•• The time to transition is included in the command to the Platform Managers. 

• When the time to transition is reached, the simulation will transition to the new 
mode. 

Ovals represent procedures that the partition developer will provide when the generic model is instantiated, 
while the explosions represent special case processing in which only a few partitions may need to supply 
procedures. (Note: these procedures will not be required for the generic instantiation.) Rectangles represent 
software that RTSSW is responsible for providing and clouds represent logical groupings of activity. 

4.2.10 States of a Training Session 

Figure 4.2.10-1 denotes the states of a training session: null, session nucleus, and target session active. 
A training session starts out as null; that is. no session exists. Before the OSS attempts to establish a new 

I training session, several things are assumed to be established. 1) The Session Computer (SC) operating 
system will be configured for simulation and loaded into the correct CPU's. 2) A SaC process will be running 
on the SC and will send status information to the OSS computer. (This information will be used to determine 
the availability of the SC for configuration into a training session.) 3) The OSS is responsible for down-loading 
the training files into the correct machines. 4) The executable code is brought up on the SC in the correctly 
configured CPU’s. 

When a new training session is desired, the OSS first determines the availability of a session computer (SC) 
with its associated Data Management Set (DMS) string and at least one Instructor Station. Then the OSS 
directs the SC to establish a new training session with its DMS string and the available instructor station. If 
communication between the SC and its DMS string or between the SC and the Instructor Station cannot be 
established, the training session Is not established (training session remains in the null state) and the three 
assets remain available for configuration into another training session. When the training session is 
established, it transitions from the null state to the session nucleus state. While in this state, it may 
commanded by the OSS to add or drop other assets as required to form the desired hardware configuration 
for the training session. When the OSS detects that the desired hardware configuration has been reached, 
it commands the training session to transition from the session nucleus state to the target session active state. 
At this time, command and control of the training session is passed from the OSS to the Instructor Station(s). 


18 



ASSET 

ADD 


ASSET 

DROP 


ASSET 



Sattion, and requests 
Asset Adds for SC, 

DMS, and 1 1OS, as 
appropriate, to establish 
the Session Nucleus. 

OSS determines when 
the Nucleus configuration 
Is reached. 


the Target configuration 
is reached. 


Figure 4.2.10-1 Training Session States 

While in the target session active state, the training session may be commanded by the OSS to add or drop 
assets. 

4.2.11 States of an Asset 

Figure 4.2.11-1 provides the states of an asset: maintenance, pre-session, session active, and 
post-session. While in the maintenance state, tests and checkout procedures (and other activities involved 
with off-line testing) are performed on the asset's hardware. When the OSS detects that the asset's hardware 
is operational (on-line), the OSS transitions the asset from the maintenance state to the pre-session state 
(ready-to-load substate). 

An asset will remain in the ready— to— load substate until it is required for configuration into a training session. 
When the OSS has successfully loaded and started the asset, it transitions from the ready-to-load substate 

I into the loaded-and-ready substate. In this substate, the Asset sends out an Up_And_Ready message to 
the OSS, following completion of Simulation_Setup Processing. This notifies SaC that the Asset is ready for 
configuration instructions. Next, the asset awaits for a Create_Session command from the OSS. When the 
OSS commands the asset to create a training session, the asset transitions into the session connect substate. 
While in the session oonnect state, the Training Manager for the asset performs the necessary processing 
to create a training session then notifies Sac that it is Ready_To_Configure meaning the Asset is now ready 
to add assets to its established training session or to be added to another training session. In either case when 
communication is established between an asset and the training session, the asset transitions from the 
pre-session state (session connect substate) to the session active state. 

While in the session active state, an asset provides services that make it worthy of being configured in the 
training session. An asset’s responsibilities vary between assets. During session active state, an asset may 
transition between many different modes (such as Initialization, Run, Freeze, Hold, etc.). Also, the asset may 
receive an asset drop command from the training session (training session manager). Upon reception of an 
| asset drop command, the asset performs processing that will remove it from the training session. 

Upon completion of the asset drop, the asset transition into the post-session state. During the post-session 
state, the OSS saves asset-resident data which were created during the training session. Other activities 
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Figure 4.2.11-1 Asset States 

may also occur du ng post-session state, depending on the requ ments of the asset (such as running the 
OSS Productivity Monitoring Tool at an Instructor Station). When ail post-session state activities are 
complete, the asset transitions from the post-session state to the pre-session state (into either the 
ready-to-load substate or the loaded-and-ready substate). 
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4.3. The Messaging System 

There are four types of communication which are supported by the communication mechanism (software 
backplane) , see figure 4.3-1 . The first type is one producer sending to one or more receivers (one-to-many) . 
This is the normal method for modeling real world interfaces (wiring, plumbing, talking, etc.). In this type of 
communication messages are queued in rate based queues to insure that the receiver will receive time con- 
sistent messages based upon the relative exxecution rates of the sender and receiver. For example, if the 
receiver runs four times as fast as the sender, the receiver will receive every message sent four times. If the 
receiver runs one fourth as fast as the sender, the receiver will receive every fourth message sent. Even if 
the sender and receiver are not running at harmonic rates, time consistent messages will be received. 

The second type of communication is many producers sending to one receiver (many-to-one). This is a spe- 
cial case and should only be used by select systems (ENV, OBCS, EPS). Systems using the many-to-one 
interface will have to compute worst case message bursts for queue limit setups. In many-to-one commu- 
nication. messages are queued in a FIFO queue to insure that all messages sent to the receiver will be re- 
ceived independent of the rate at which the sender and receiver execute. 

The third type of communication is remote communication. It is used for messages that are sent to a remote 
node. Remote communication is not used by partitions, it is used by interface agents, RTSSW software, and 
a few special systems such as IOS which do not have Real-time Sessions Software running on them. Remote 
messages are also queued in FIFO queues. The one— to— many, many— to— one, and remote communication 
routines are located in package Message (see section 8.2). 

Users of the messaging system declare taypes for their message in an interface definition package. Pointer 
types (access types) to each of the message types are also declared in this package. Partitions wishing to 
communicate WITH the appropriate interface definition packages and declare local objects of the access 
types for the messages they wish to send and receive. These local pointer objects will be registered with the 
software backplane. The software backplane will control them so that they point to the appropriate locations 
in the message buffers. Therefore, to send and receive messages, partitions just reference and de-reference 
their local pointers; the data may or may not actually get copied. Because messages are referenced by point- 
ers, and because discriminants of a variant record referenced by a pointer cannot be changed, messages 
cannot be variant records and receive the benefits of variant records. _ 

The fouth type of communication is mailbox communication. Mailbox communication is a special slow rate 
command and control messaging operation that is intended mainly for initialization, return to safestore, mal- 
function requests, and IOS enter operations. It is not encouraged as ageneral, partition to partition, commu- 
nication mechanism. Mailbox messages are a stream of packed bytes that require packing and unpacking 
of data by the senders and receivers. It does not enforce Ada strong typing constructs. It is up to the sender 
and receiver to insure that they are using the same data types for mailbox messages. Unlike the messaging 
system where senders and receivers must register for specific messages, mailbox messages are dynamically 
routed. Each mailbox has a FIFO queue that holds incoming messages. 

Partitions may have more than one mailbox. Each mailbox must have a unique prefix. Prefixes are associated 
with the owner of the mailbox through the DlS.Register_Component operation (see section 4.4.1). The mail- 
box system currently supports six types of messages, return to safestore messages, return to datastore mes- 
sages, malfunction messages, enter messages, mega messages, and user defined messages. The first five 
types (safestore, datastore, malfunction, enter, and mega) are referred to as predefined messages because 
they have predefined data types. The predefined data types along with their operations are defined in four 
support packages; Safestore_Mailbox, Malfunction_Mailbox, Enter_Mailbox, and Mega_Mailbox. The mega 
message is used for return to datastore messages. In general, mega messages are used to send sets of data. 
These data sets may be logically related data items such as the x, y, and z values of a state vector which must 
be received by the model at the same time, or they could be a group of related data items such as the terms 
for a return to datastore. User defined messages are used for messages other than one of the predefined 
messages. The mailbox communication routines are located in the package Mailbox (see section 8.3). 

4.3.1 One-to-Many (Normal) Communication 

The producing partition registers its output messages with the software backplane using the "Regis- 
ter_To_Send_Msg" operation during the Setup submode. During the Create Data submode, the producing 
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| FIGURE 4.3-1 

partition calls ”Create_Msg”. If buffers for this message have already been created in the software backplane 
the producers local pointers will be set to point to the message buffers. Otherwise the buffers will be created 
and then the pointers will be set. After ~Create_Msg" has been called the receivers local pointer will be point- 
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ing to the first write buffer for the particular messages. The partition should also initialize its output messages 
during the Create Data submode. This is done by updating the local pointers and then calling the "Put” opera- 
tion. Note that local pointers cannot be updated until after the "Create_Msg" operation has been called. As 
the partition executes, it continues to update its local pointers and send out messages with the "Put" operation. 
The messaging system does not automatically refresh data. This means that after calling the "Pur operation, 
the partitions local pointer will be pointing to a new memory location and the partition should not make any 
assumptions about the values in this memory location. Therefore, partitions should output data in complete 
messages and should not read from their output pointers. If automatic data refresh turns out to be needed, 
an option to provide this capability may be added to the messaging system in the future. 

The receiving partition registers to receive input messages using the "Register_To_Recv_Msg" operation dur- 
ing the Setup submode. During the Create Data submode, the receiving partition calls "Create_Msg”. If buff- 
ers for this message have already been created in the software backplane the receivers local pointers will 
be set to point to the message buffers. Otherwise the buffers will be created and then the pointers will be set. 
To receive a message the partition calls the "Get" operation and de-references its local pointer. The local 
pointer must be de-referenced after the "Get" operation has been called and during the same period. The 
local pointer is only valid for one period. There are two variations of the "Get" operation: "Get" and "Get_Lat- 
est”. The "Get" operation provides time consistent messages relative to the execution rate of the consumer. 
This guarantees that, for example, a receiver executing half as fast as the producer will always get every other 
message produced. Time consistent messages are guaranteed by giving the receiving partition the most re- 
cent message that was valid at the beginning of its current period. Therefore, the partition is receiving data 
that was produced during its previous period. The ”Get_Latest" operation allows the requesting partition to 
receive the most recent message sent by the producer. Note that this operation does provide time homoge- 
nous data but not time consistent data. The time deltas between the messages received will vary depending 
upon the relative execution order of the producer and consumer. Both the "Get" and "Get_Latesf operations 
optionally return the time that the message was sent if the "Msg_Tlme" parameter is supplied. 

4.3.2 Many-to-One Communication 

The many-to-one communication works similar to the normal communication (one-to-many). The produc- 
ing partitions register their output messages using the "Register_To_Send_Msg" operation during the Setup 
submode. During the Create Data submode, the producing partition calls "Create_Msg". If buffers for this 
message have already been created in the software backplane the producers local pointers will be set to point 
to the message buffers. Otherwise the buffers will be created and then the pointers will be set. As the parti- 
tions execute, they update their local pointers and call the "Put" operation to send the messages. All mes- 
sages sent are placed in the receivers queue. The exception "Queue_Full” is raised if the receiver’s queue 
is full when the "Put” operation is called. 

The receiving partition registers to receive input messages using the "Register_To_Recv_Msg" operation dur- 
ing the Setup submode. During the Create Data submode, the receiving partition calls "Create_Msg". If buff- 
ers for this message have already been created in the software backplane the receivers local pointers will 
be set to point to the message buffers. Otherwise the buffers will be created and then the pointers will be set. 
To receive a message, the partition calls the "Get" operation and de-references its local pointer. The local 
pointer must be de-referenced after calling the "Get" operation and during the same period in which it was 
called. All messages sent to the receiver are queued in FIFO order, the 'Get' operation retrieves the next 
message in the queue. The size of the queue is specified as a parameter to the ”Register_To_Recv_Msg" 
operation. The queue size should be determined based upon two factors. First, the number of possible send- 
ers and second, the relative execution rates of the senders and the receiver. If the receiver is executing faster 
than the senders or at the same rate as the senders, the queue size must be at least as large as two times 
the number of senders. If the receiver is executing slower than the senders the following formula can be used 
to calculate the queue size: [(senders rate / receivers rate) x 2] x # senders. For example, if the receiver is 
executing at 1 0Hz with three senders executing at 40 Hz the queue size should be [(40 / 1 0) x 2] x 3 * 24. 

The "Number_Of_Msgs_To_Get" operation returns the number of messages that have been sent and are 
available for the receiving partition to retrieve. The "Get" operation will raise the exception ”No_Messages” 
if it is called when there are no messages to be retrieved. The "Get" operation also optionally returns the time 
that the message was sent if the "Msg_Time" parameter is supplied. 



4.3.3 Remote Communication 


Remote communication is not used by partitions, it is used by interface agents, RTSSW software, and a few 
special systems such as IOS which do not have Real-time Sessions Software running on them. Remote com- 
munication works similar to the many-to-one communication. The producers register their output messages 
using the "Register_To_Send_Msg" operation during the Setup submode. During the Create Data submode, 
the producing partition calls "Create_Msg". If buffers for this message have already been created in the soft- 
ware backplane the producers local pointers will be set to point to the message buffers. Otherwise the buffers 
will be created and then the pointers will be set. To send messages the producers update their local pointers 
and call the "Put” operation. As messages are sent they are picked up by the router and transmitted to the 
destination node. There can be more than one receiver of a remote message on a node. 

The receivers register to receive input messages using the ”Register_To_Recv_Msg" operation during the 
Setup submode. During the Create Data submode, the receivers call "Create_Msg”. If buffers for this mes- 
sage have already been created in the software backplane the receivers local pointers will be set to point to 
the message buffers. Otherwise the buffers will be created and then the pointers will be set. To receive a 
message, the receiver calls the "Get" operation and de-references its local pointer. The local pointer must 
be de-referenced only after calling the "Get" operation and during the same period in which it was called. 
All messages sent to the receiver are queued in FIFO order, the "Get" operation retrieves the next message 
in the queue. The size of the queue is specified as a parameter to both the ”Register_To_Recv_Msg" and 
”Register_To_Send_Msg" operations. The queue size should be determined based upon two factors. First, 
the number of possible senders, and second, the relative execution rates of the senders and the receiver. 
If the receiver is executing faster than the senders or at the same rate as the senders, the queue size must 
be at least twice as large as the number of senders. If the receiver is executing slower than the senders the 
following formula can be used to calculate the queue size: [(senders rate / receivers rate) x 2] x # senders. 
For example, if the receiver is executing at 1 0Hz with three senders executing at 40 Hz the queue size should 
be [(40 / 1 0) x 2] x 3 = 24. All senders and receivers should use the same queue size. 

The "Number_Of_Msgs_To_Get” operation returns the number of messages that have been sent and are 
available for the receiving partition to retrieve. The "Get" operation will raise the exception No_Messages if 
the "Get" operation Is called when there are no messages to be retrieved. The "Get" operation also optionally 
returns the time that the message was sent if the Msg_Time parameter is supplied. 

4.3.4 Mailbox communication 

Mailbox are registered using the "Register_Mailbox” operation during the Setup submode. Anyone wishing 
to receive mail messages must register a mailbox. 

The sender of a predefined mail message creates the local message using the "Create" operation in the ap- 
propriate support package (Safestore_Mailbox.Create, Malfunction_Mailbox.Create, etc.). The message 
may then be sent using the appropriate put operation in package Mailbox (Put_Safestore_Msg, Put_Malfunc- 
tion_Msg, etc.). 

The receiver of a mail message must check its mailbox to determine the number of messages present. This 
is done using the "Num_Mail_Msgs" operation. Then, for each message in the mailbox, the receiver calls the 
"Get_Next_Msg_Type" operation to determine the type of the next message. The "Get_Next_Msg_Type" op- 
eration will return one of the six supported types, Retum_To_Safestore, Retum_To_Datastore, Malfunction, 
Enter, Mega, or User_Defined. If the type is one of the predefined types, the receiver calls the appropriate 
get operation (Get_Safestore, Get_Malfunction, etc.) to receive the message. The support packages can be 
used to interpret messages of predefined types. 

Some mailbox users will need to use mail messages for purposes other than Safestore, Datastore, Malfunc- 
tion or Enter. For this reason the mailbox system provides support for user defined mail messages. Instead 
of using the types and operations in Safestore_Mailbox, Malfunction_Mailbox, Enter_Mailbox or Mega_Mail- 
box, the user defines their own type for a mail message and is responsible for packing it themselves (as op- 
posed to calling a “Create" operation in a support package). Sup port for user defined mes sages is pro vided 
through generic operations: "Get_User_Defined_Msg_Type", "Get_User_Defined_Msg", and 

"Put_User_Defined_Message". The sender and receiver must declare a type that will allow them to uniquely 
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identify the user defined message. This is referred to as the User_Defined_Msg_Types. It is recommended 
that an enumeration type be used for this. There are two restrictions placed on this type. First, it must have 
a size of 32 bits, and second, the values that objects of the type take must be positive. The sender instantiates 
the Tut User Defined_Msg" operation with the type for User_Defined_Message_Types and with the type 
for the mail message itself. After the sender builds the message by assigning to its local copy of the mail mes- 
sage, the instantiation of "Put_User_Defined_Msg” is called to send the message. The receiver instantiates 
the "Get User_Defined_Msg_Type" operation with the type for User_Defined_Message_Types and the 
"Get User_Defined_Msg” operation with the type for the mail message. The receiver checks its mailbox for 
messages using the "Num_Mail_Msgs” operation. For each message in the mailbox the receiver calls the 
”Get_Next_Msg_Type" operation to determined the type of the next message. If it is a user defined message 
the instantiation of "Get_User_Defined_Msg_Types" is called to determine which user defined message it is. 
Once the receiver knows which user defined message it is receiving, it can call the appropriate instantiation 
of "G et_Use r_Defi ned_M sg ’ to receive the message. It is up to the sender and receiver to ensure that they 
are both using the same data type for user defined mail messages. 


4.3.4. 1 Mailbox Reads by Partitions 

On an initialization to a Datastore/Safestore, partitions will receive messages containing the datastore/safe- 
store data via their partition mailbox. The partitions are responsible for interpreting the data stream. The data 
stream will contain the identifier and value of each data item. See section 4.4.4 for an example of a mailbox 
processing procedure. 
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4.4. The DIS C '©pt 


4.4.1 What Is tht JS? 

The DIS is used to build a symbol table which identifies data items in the running session. The identifiers are 
created using Aba code, and can be used by on-line code as well as by off-line tools. It will be used to support 
the following SSVTF capabilities: 

• IOS Look & Enter capability 

• Datastore/lnitialize 

• Identification of messages passed between SSVTF partitions 

• Data Logging 

DIS stands for Distributed Identifier Specification; the identifiers created using it can be distributed anywhere 
in the network for data requests. The DIS is composed of a top-level package of general definitions and a 
set of packages that declare identifiers for different SSVTF systems. The top-level package, called DIS, 
is written by the RTSSW group, and the general definitions it contains are for ide ~ ?r types and subprograms 

which ccerate on these types (see an outline of the specification in section 8.4’ ; : body of the DIS package 

holds r symbol table; identifiers are added to it by calling the DIS's ‘Regisr-. subprograms. The set of 

oackac. which declare identifiers and call these registration functions are re; _ ;d to as DIS-related pack- 
ages. ?se packages are to be written by the model developers, and must follow certain rules (presented 
later in .3 discussion) for their format and names. 

There are five major abstract data types in the top-level DIS package: ComponentJD, TypeJD, TermJD, 
MessageJD, and MalfunctionJD. 

A ComponentJDglves a name to a configuration component of the SSVTF. A ComponentJD may refer to a 
high-level, or large, component like Robotics or Environment, or it may refer to a much lower-level compo- 
nent like the left arm of the SPDM mechanism within the Robotics system. Each ComponentJD is registered 
‘below’ some other component. For example, if Robotics is composed of SPDM, SSRMS, and MT compo- 
nents, these are registered with Robotics as the parent component. In this way, a hierarchy of components 
can be established. ComponentJDs, TypeJDs, TermJDs, and Malf unction JDs can be registered at any 
level in the hierarchy of components. The levels are pictorially represented in figure 4.4-1 . A ComponentJD 
can be registered as an array by setting - Length’ parameter tc -La number of elements desired. This is a 
way of registering a single name that repn 5 a " jfcompone - which obtain identical elements but are 

distinct instances; for example a compone ray Teusedtc jsterfc aat transfer units if they are all 

I alike. Each element of a ComponentJD array is its c : a unique Ccponent_ . The component array can be 
indexed using ordinal numbers (from 1 to Length) or string labels (e g.. Left, Middle, Right). A prefix indicator 
can be supplied with the registration call. In most instances, this means that the ComponentJD being regis- 
tered is also the identifier for a partition and it's mailbox. (If there is more than one mailbox for a partition, each 
should be identified by a different ComponentJD prefix.) 

A TypeJD is a descriptor for data items and can be used by TermJDs to provide mappings for complex types. 
The DIS supports integer types (of 8, 1 6, or 32 bits), floating point types (single or double precision), the type 
String (fixed-length), type Character, and enumeration types. The DIS declares a Type_Tag which is used to 
distiguish between these options. An integer, floating point, or character type identifier may be supplied with 
upper and/or lower bounds. Enumeration type identifiers must be supplied with a list of labels that represent 
the enumeration literals. Enumeration representation values may optionally be supplied at registration time. 

I Subtypes are TypeJDs which are based on previously registered TypeJDs, but with (possibly) different up- 
per and lower bounds. They can be registered using a Register_Subtype routine — there is one each for 
integer, floating point and character types. The name of the subtype is the same as its base type, unless an 
optional name parameter is supplied to Register_Subtype. It is important to name types and subtypes so that 
they indicate clearly the engineering units that the user will see at the IOS. 

A TermJDgwes a symbol name to a data item within a software model. The registration of the name includes 
the necessary type information with a TypeJD. A Length parameter greater than one registers a TermJD 
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I array, multipl© terms of the same type. Each element of a Terro_!D array is a separate DIS Term_ID, like a 
ComponentJD array, this can be indexed by ordinal numbers or string labels. 

A Message JD is a symbol for identifying messages transmitted in the software backplane. Message JDs 
are registered in a partition's interface definition package. The only required information about a Message JD 
is the size, in bits, of the data to be sent. In addition, one can specify that it identifies a safestore message. 

A MalfunctionJD is a name which can be used by the IOS page developers to invoke a malfunction In the 
running session. The malfunction identifier includes descriptor information that determines the kind of param- 
eters which can be sent with the identifier to the host. A MalfunctionJD array can be used to register a mal- 
function that applies to many entities; as with TermJD arrays, thte is accomplished by setting the Length pa- 

I rameter the the number of malfunctions desired. As with TermJD arrays and ComponentJD arrays, each 
element of a Malfunction JD array is a unique identifier, and the array can be indexed by ordinal numbers or a 
set of string labels. 

There are four categories of malfunctions, distinguished by the kind of parameters which can be passed to 
them. First is the * simpler or ■parameterless" malfunction; this is registered with no parameter information; 
when an instructor activates this kind of malfunction, no input parameters are passed to the model along with 
it. Second is the ■ option s" malfunction; a single enumeration-type parameter is passed to the malfunction to 
indicate the behavior desired. For example, if a valve can be failed in one of four positions, an enumeration 


27 



type identifier would be registered which lists the four positions; this list will be displayed to the instructor when 
the malfunction is activated. The instructor will select the correct position at which to fail the valve; this selec- 
tion will be passed to the model as the parameter for the malfunction. Third is the “ Pi " malfunction; a single 
floating point value is supplied with the malfunction. The fourth kind of malfunction, “P1_P2", is supplied with 
two floating point values; these are typically used for scale and bias. When registering a malfunction which 
has floating point type parameters, the Px_Name and Px_Type parameters are always required. Px_Low and 
PxJHigh limits can be supplied; if they are not supplied, the high and low limits of the malfunction parameter 
are taken from the type registration for Px_Type. 

Each type is declared “private” in the DIS package spec. For each, there is a “Register_..." function 

that returns a value of the respective type (e.g., there is a “Register_Term" function which returns a TermJD). 
These are the functions that are called by the DIS-related packages which are written by the SSVTF model 
developers. Each of these functions has the side-effect of adding the identifier to the symbol table in the DIS 
package body. Because the identifiers being added to the DIS are not to be changed at runtime, the identifiers 
are to be declared constants in the DIS-related packages. 

Along with the identifier types and registration functions, a number of other supporting types and functions are 
declared in the top-level DIS package. “User'’ is an enumeration type which provides tags that indicate the 
uses of a TermJD; e.g., a TermJD with User “Look_Enter" means that the term being identified can be ex- 
amined or changed by IOS or data logging. When registering a TermJD, a list of users is supplied as an 
array — the UserJJst parameter. The default combination of “Look_Enter" and “Initialize" in this list means 
that the term can be examined and changed by IOS, and is to be inculded in the Datastore/lnitialize data set. 

Supporting functions include selectors for information associated with identifiers, such as the string name of 
an identifier, the number of levels associated with ComponentJD, the type tag associated with a TermJD, 
and the different descriptor information associated with a TypeJD. 

Entities in the real software are “connected” to DIS identifiers by the operations Connect_Term, Connect_Mal- 
function, and Connect_Prefix. The “Register^.." functions are calle d fro m the DIS-related packages written 
by the model developers, and provide the static DIS information needed by off-line tools; the “Connect_...” 
operations supply the additional run-time information needed to locate data and partitions. The Con- 
nect_Term procedure makes an association between a TermJD and the address of the data which is referred 

I to by the identifier. This allows the data to be retrieved “through the backdoor”. Connect_Malfunction is called 
for malfunctions which need to be datastored or which will be “poked 1 using the Malfunction_Mailbox package. 
An address is required for each parameter to be associated with the malfunction, as well as an address of a 
Boolean value, the “active" flag, which indicates whether or not the malf is currently activated. The Con- 
nect_Prefix procedure’s ComponentJD parameter must have been registered with Prefix => True. If a parti- 
tion will receive messages in more than one mailbox, each should be identified with a different prefix Compo- 
nentJD, and each of these needs to be connected with Connect_Prefix. The prefix name should uniquely 
identify a particular mailbox. 

4.4.2 How Is the DIS Organized? 

The DIS-related packages are organized in a hierarchy. The top-level DIS-related package is called 
SSTF_Defs (all DIS-related packages have the suffix “_Defs"), and is written and maintained by the RTS 
group. This package registers the ComponentJDs for the top-level systems in the SSVTF, which includes 
Robotics, Environment, USAD, USAV, Visual, SNS, and others. It also registers TypeJDs and supplies 
Type_Tags which correspond to the ones in the SSVTF Standard JEngineeringJypes package. See Appen- 
dix II (section 8.5) for the complete specification of the SSTF_Defs package. 

For each ComponentJD in the above package, another package must be created which defines the identifi- 
ers that exist at the next lower level in the DIS hierarchy (this is a general rule for DIS-related packages). 
Thus, there must be a package for Robotics (which would be written by the Robotics group), and it will look 
something like this; 


with DIS, SSTF_Defs; 
package Robotics_De£s ia 
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package DD renames SSTF_Defs; 

— Identifiers for Robotics components. 


MT 

: constant 

SSRMS 

: constant 

SPDM 

: constant 

AVU 

: constant 

MBS 

: constant 

MMD 

: constant 


DIS . Component_ID := DIS . Register_Component 
(DD . Robotics , "MT" ) ; 

DIS . Component_ID := DIS . Register_Component 
(DD. Robotics, "SSRMS") ; 

DIS.Conponent_ID := DIS . Register_Component 
(DD. Robotics, " SPDM" , Prefix => True); 
DIS.Component_ID := DIS.Register_Component 
(DD. Robotics, "AVU", Length => 4); 

DIS . Component_ID := DIS . Register_Component 
( DD . Robot ic S , "MBS " ) ; 

DIS . Component_ID : = DIS . Ragister_Coniponent 
(DD . Robotics , "MMD" ) ; 


end Robotics Defs; 


This package would be written by the Robotics group. Similar packages would be developed for USAD, Envi- 
ronment etc. Notice that the hierarchy concept is recursive: for the Robotics systems there must be an 
SSRMsiDefs package, an MT_Defs package, an SPDM_Defs package, etc.; and for each ComponentJD 
registered in these packages, another package must be written. For a component array like AVU. only one 
AVU Defs package needs to be written; the identifiers defined in this package will be duplicated the appropri- 
ate number of times; in this case four. The current design of the DIS permits up to seven (7) levels of compo- 
nents to be registered. TermJDs, TypeJDs, and MalfunctionJDs can be registered at any level in the hierar- 

I chy See Figure 4 4-1 . Two rules must be followed to ensure that the Dis is created properly: (1 ) all IDs in the 
same m _Defs‘ package must be registered with the same Parent Component and (2) the same Compo- 
nentJD must not be used as a Parent in more than one m _Defs" packages. 

The hierarchy of DIS-related packages should reflect the hardware, not the software, structure of the mod- 
eled system. There are two reasons for this: (1 ) the DIS exists mainly to provide a window into the system for 
IOS and system initialization; the people performing these duties are not likely to know (nor should they have 
to know) the software organization of the system (i.e., the partitions, object classes, etc.); and (2) the software 
structure of the si mu lator wil I probably change more frequently than the hardware configu ration , and changes 
to the DIS hierarchy should be minimized, since this has adverse effects on re-compilation. Therefore, the 
way a system (like Robotics or USAD) is organized from the user's point of view is how the DIS-related hierar- 
chy should be organized. The relationship between this organization and the ’partition’ organization is dis- 
cussed below: see “Connecting Terms and Prefixes’. 

(Note that Message JDs do not appear in ’_Defs” packages, but in the appropriate partition’s interface defini- 
tion package, with the suffix •_lntfc_Defs , \ They do not form any part of the \_Defs hierarchy.) 

In addition to the hierarchy rule, other guidelines need to be followed in order for the DIS to work properly. All of 
these DIS-related packages should have no ’state"; i.e., all of the identifiers are constants, and no variable 
data should be declared in these specs. Furthermore, no subprograms may be exported from these pack- 
ages. The ‘_Defs’ packages should not have package bodies. Also, *_Defs’ packages should not “with other 
packages which have state or subprograms. This is because the entire ’_Defs" hierarchy is to be “withed 

offline for use by off-line tools. _ . . . . ... . .. 

Each TermJD must include type information in order to permit interpretation of the data being examined. The 
code below shows some examples of TypeJD, TermJD, and MalfunctionJD registrations. 


with DIS; 
with SSTF Defs; 
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with Robot ics_JDefs; 
package SPDM_JDe£s is 


I 


I 

l 


Circle_Degrees : constant DIS.Type_ID :■ DIS . Register_Subtype 

(Robotics_Def s . SPDN, Base => SSTF_Defs .Degrees, 
Low_Bound => -180.0, High_Bound => 180.0); 


Left_Arm_Yaw : constant DIS.Term_ID := DIS . Register_Term 

(Robotics_Def Sj SPDM, "Left_Arm_Yaw" , 
The_Type => CircleJDegrees) ; 

Left_Arm_Pitch : constant DIS.Term_ID :» DIS . Regsiter_Term 

(Robotics_Def s . SPDM, "Le£t_Arm_Pit ch" , 
The_Type => Circle_Degrees) ; 


Left_Arm_Roll : constant DIS.Tem_ID :» DIS . Register_Tezm 

( Robot ics_Defs . SPDM, "Left_Ann_Roll ", DIS . rioat_Tag , 
Users => (DIS. Look, DIS. Initialize) ) ; 


Direction_Labels constant String :* "Yaw, Pitch, Roll"; 

Right_Arm : constant DIS.Term_ID :• DIS . Register_Tenn 

(Robotics_Def s . SPDM, "Right_Arm" , 

The_Type => CircleJDegrees, Length => 3, 

Labels => Direct ion_Labels) ; 

Fail_Left_Ann ; constant DIS .Mal£unction_ID : = DIS . RegisterJMalf unction 

(RoboticsJDefs . SPDM, "Feil_Le£t_Arm" , 

Options *> SSTF_De£s . On_Of £) ; 

Fail_Right_Arm : constant DIS.Mal£unction_ID :■ DIS. Register_Malf unction 

(RoboticsJDefs . SPDM, "Fail_Right_Arm" , 

Pl_Name => "Degrees", Pl_Type => CircleJDegrees); 


end SPDM De£s 


A ComponentJD which is registered as an array (by supplying a length parameter to the Register_Compo- 
nent routine) requires only one “Defs" package which uses the ID as its parent. The DIS will automatically 
duplicate the contents of the “Defs’ package to each component represented by the multiple. 

4.4.3 Connecting Terms, Prefixes, and Malfunctions 

In the partition code, a modeler needs to supply a procedure to associate (or connect) addresses to term, 
malfunction, and prefix identifiers to the partition. This needs to be called in the Setup procedure . Here is an 
example: 


with Mailbox, Generic_Modol, SET, Robots_Types; 
package body SPDM_Partition is 

Le£t_Arm_Yaw ; Float; 

Le£t_Axm_Pitch : Float; 

Le£t_Arm_Roll : Float; 

| Left_Arm_On_Of£ : SET. On_Off ; 
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Right_Arm : array (1..3) of Float; 

Fail Right_Arm_Active : Boolean := False; 

Fail_Left_Arm_Active : Boolean := False; 

Right_Arm_Degrees : RobotsJTypes .Degrees ; 

Partition_Name : constant String "SPDM_Partition"; 

Mb : Mailbox. Mailboxes; — my mailbox 

procedure Update is separate; 
procedure Freeze is separate; 

— ...etc. for mode procedures. 

procedure Setup is separate; 

procedure Process_Mailbox_Re guests is separate; 

package My_Thread_Exec is new Generic_Model . Periodic 

(Name => Partition_Name, etc... 


end SPDH Partition; 


Each TermJD and MalfunctionJD must belong to a partition in the system. By “belonging" we simply mean 
that the data identified by a TermJD is located in an “owning" partition, and that the handling of a malfunction 
identified by a MalfunctionJD is done within a “owning" partition. No data item or malfunction handling is 
shared between partitions; there is only one “owner" per id. Apre/fxis a ComponentJD that directly identifies 
a single partition. The prefix of a TermJD or MalfunctionJD is that portion of the identifier which indicates the 
partition to which that identifier belongs. More than one prefix may identify a partition; also, all identifiers regis- 
tered under a particular prefix must be located within one partition. 

As an example of this, consider a partition that combines the SPDM arms and the power supply for the arms. 
Suppose that the following four components have been registered: Robotics.SPDM.Arms, Robo- 
tics. SPDM. Arms. Left_Arm, Robotics . SPDM . Arms . Right_Arm, and USAD.EPS .Arm_Power. If 
the data and malfunctions for all the identifiers in the packages Arms_Defs, Left_Arm_Defs, and 
Right_Arm_Defs are to be located in this partition, then Robotics . SPDM. Arms might be registered with Pre- 
fix => True7and the partition calls “Connect_Prefix" with the ComponentJD SPDM_Defs . Arms. This parti- 
tion also connects the prefix usad . bps . ArmjPower (which should also have been registered with Prefix => 
True), if the data and malfunctions for all the identifiers in that package are located in this partition. 

I In the following example of a Setup procedure, the data items being connected to identifiers are not complex 
types. This is not a realistic example, and is provided only to illustrate the way to call the Connect routines. 
The way to connect addresses to identifiers representing selected pieces of complex objects is to use the 
Symbol_Map package; this is discussed in Section 4.5. The “DIS.ConnectJ procedures should be called 
after creating the object instances in the Setup procedure. 


with DIS, SPDMJOefs; 

with Local; — a package to get local system information 
| procedure Setup is 
begin 

| .... — Create objects (see Sec 4.2.1) 

DIS . Connect_Term 

(SPDM_Def s . Left_Arm_Yaw, — first parameter is the Term_ID; 
Left_ArmJfaw' Address) ; — second is the actual data address. 

DIS . Connect_Term (SPDM_Def s . Left_Arm_Pitch, Left_Arm_Pitch' Address) ; 

DIS. Connect Term (SPDM Defs . Left_Arm_Roll, Left_Arm_Roll' Address); 
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DI S. Connect Tenn_Ar ray (SPDM_Defs . Right_Arm, Right_Arm(l) ' Address) ; 

DIS.Connect_Pre£ix (Robotics_Def s . SPDM, Local . Get JNoda_Name , 

Local. Get_Process_ID, Partition_Name) ; 

— if more than one prefix relates to this partition, 

— do another "Connect_P refix" call for that one. 

DIS . Connect_Malf unction { SPDM . Fail_Lef t_Arm, 

(Active_Addr => Fail_Left_Arm_Active' Address, 

Options_Addr => Left_Axm_On_Off ' Address, 
others => Dis.Null_Address) ; 

DIS . Connect_Malf unction ( SPDM. Fail_Right_Arm, 

(Active_Addr =»> Fail_Right_Arm_Active' Address, 

Pl_Addr => Right_Arm_Degrees' Address, 
others => DIS. Null Address)); 


end Setup; 


4.4.4 Handling Enters, Malfunctions, and Initialization data 

Connecting addressed to identifiers is enough to permit IOS to look at the data items. In order to allow IOS to 
'enter" values, it is necessary to receive messages from IOS through the partition mailbox. The reason for this 
is that a change of state like this cannot be done the way a read is done (backdoor via address) ; it is necessary 
to incorporate the new value in a controlled way that cannot corrupt the system in the middle of computation. A 
procedure should be written to handle this; in the example below, it is called Process_Mailbox_Requests. The 
mailbox is used to accept requests for IOS enters, s yste m initialization values, and malfunctions. This proce- 
dure should check for mailbox inputs and process whatever has arrived, applying the malfunction or new data. 
This procedure should be called at the beginning of the Run and Freeze mode subprograms. Thus, the up- 
date is incorporated in a controlled way. 

Notice that the different mailbox packages have the ability to 'poke* the data coming in. This takes the data 
that has come into the mailbox and puts it into the address that was connected for that data, whether it is 
malfunction data or term data being entered from l’“~ or returned from adatastore Initialize operation. The 
example shows how to treat some entered data w special processing (data which cannot just be directly 
placed into the target address), and how to poke the rest. 


with DIS, SPDM_Defs; 

with Mailbox, Enter_Mailbox, MalfunctionJMailbox, Safestore_Mailbox; 

separate (SPDM_Partition) 

procedure Process_Mailbox_Requests is 

Num_Msgs : Natural := Mailbox . Num_Mail_Msgs (Mb); 

Mora : Boolean; 

Msg_Type : Mailbox. Mag_Types; 

Size : Natural; 

E_Msg : Knter_Mailbox.Entar_Msg; 

M_Msg : Malfunction_Mailbox.Malfunction_Mag; 

S_Msg : Saf estoreJMailbox . Safestore_Msg; 

G_Msg : MegaJMailbox.Mega_Msg; 

begin 

for I in 1. .Num_Msgs loop 

Msg_Type : — Mailbox . Get_Next_Msg_Type (Mb) ; 
case Msg_Type is 

when Mailbox . Enter => 
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Mailbox. Get_Enter_Msg (B_Msg, Mb); 

if Enter_Mailbox. ID (E_Mag) * SPDM_Def 3 . Lef t_Arm_Yaw then 
— You only need to check the ID if you need to do 

— special processing on the incoming data. . . 

Left_Arm_Yaw : = Enter_Msgs . Convert_Float (E_Msg) ; 

— ... etc . 

elsif Enter_Mailbox. ID (E_Msg) « SPDM_Def s . Right_Arm_Yaw then 
Right_Arm_Yaw := Enter_Msgs .Convert_Float (E_Msg) ; 

— etc . . . 
elsif 

— etc . . . 

else 

— for all other enters, just call poke, which directly 

— places the data into its address . . . 

Enter_Mailbox . Poke (E_Msg) ; 

end if; 

when Mailbox . Return_to_Datastore | Mailbox. Mega => — datastore 

Mailbox . Get_Mega_Msg (G_mag, Mb) ; 

Mega_Mailbox . Go_To (G_Msg, SPDM_Defs.Right_Arm_Yaw, Found); 
if Found then 

Mega_Mailbox. Value (GJMsg, a-floating-point-variable) ; 

— process the floating point variable before assigning. 

— getting the value of a mega entry ensures that its 

— value will not be poked by a poka_all call, 
end if; 

Mega_Mailbox.Poke_All (G_Msg) ; — simply poke all other entries 
when Mailbox. Malfunction -> 

Mailbox. Get_Malfunction_Msg (M_Msg, Mb); 

if Malfunction_Mailbox.ID(M_Mag) ■ SPDM_Def s . Fail_Lef t_Arm then 

— do whatever it takes ... 

else 

Malfunction_Mailbox.Poke (M_Msg) 
end if; 

when Mailbox . Retum_To_Saf estora => — safestore 

Mailbox. Get_Safestore_Msg (S_Mag, Mb); 

if Safestore_Mailbox.ID(S_Msg) = A_Safestore_Message_Id then 
The_Safestore_Data_Ob ject . all :* 

Move_Data ( Saf estore_Mailbox . Value ( S_Msg) ) ; 
elsif ... — a different id then 

... — move the return value to the data item 
end if; 

end case; 

end loop; 

end P r oce s s_Ma i lbox_Reque s t s ; 


The DIS term registration can be used to tag datastore items for eventual retrieval. Each item tagged for 
datastore will be retrieved “in the background", like an IOS look. Each item tagged for safestore will be re- 
trieved through the software backplane; the partition must create software backplane ‘output messages" for 
these items. Both datastore and safestore items will be sent back (for return to datastore and return to safe- 
store) to the partition through the partition’s mailbox — the partition must have a special procedure to read this 
mailbox during initialization. 
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4. 4.5 How Will Off-line Tools Use the PIS? 

The identifiers registered with the DIS through the ‘_Defs’ packages are entered into the DIS body's data 
structure at elaboration time, before the start of the main program. Then a program may access any of the DIS 
data by calling functions and procedures in the DIS spec. While this works out well for real time models, it is 
not good for off-line tools to be dependent (in the Ada sense) on these packages. If any change is made to the 
registered identifiers, the off-line tool using the DIS would have to be re-linked in order to get the new identifier 
information. So, for off-line tools, the DIS tree will not be populated by the elaboration of ‘_Defs’ packages, 
but by the reading of a file. The DIS.Report routine saves the entire set of registered static information in a file 
which can be loaded into the DIS tree using the DIS. Load routine. The off-line tool is dependent on the file 
instaead of the packages; in order to get new versions of the DIS, a tool will have to load new versions of this 
file, but it will not have to be re-linked. 

An example of such an off-line tool is the DIS Browser, which displays the registered identifiers in a worksta- 
tion window so that IOS page creators can select an identifier and associate it with a screen gauge, button, 
or meter. (On-line tools that require the presence of the entire set of DIS identifiers, like the Datastore parti- 
tion and the Central look-at engine facility, will also use the report files rather than the ‘_Defs' packages.) 

The DIS.Load routine can work in two ways: when the File_List parameter is False (default), the From_File 

string parameter is the name of a file containing the output of a DIS.Report call. When the File List parameter 

is True, From_File indicates a file that contains a list of files, each of which was created by a DIS.Report call. 
Each group (USAD, Robotics, Environment, etc.) will create a different file using DIS.Report. Then these 
files will be listed in the file passed to DIS.Load; in this way the entire set if DIS identifiers will be loaded for 
tools which need to see the whole of it. 

The Dis.Report creates a non-expandedre port file by default. The report contains all information necessary 
for the Dis.Load call, and the output is summarized such that only a few lines are used for an id array, even 
if the array has hundreds of elements. By setting the -Expand’ parameter to True, and expanded report file 
is produced. Each line in the file is exactly one identifier— all of the arrays are expanded out. (Unlike the 
non-expanded report, the expanded report does not oontain enough information to re-create the entire Dis 
via a Load call.) The identifier on the line can be converted to its internal representation using the appropriate 
Dis.Convert call. The expanded report is useful for visual inspection of the Dis contents and for tools that 
need to search through or manipulate the entire Dis. 

Another way of using the Dis is through the Navigate package, a sub-package available in the Dis spec. This 
permits a tool familiar with the Dis structure to traverse through the Dis tree using the different types of ’han- 
dles’ defined by the Dis. 


| 4.5. Mapping Logical Name to Physical Address: DIS & Symbol Map 

In the SSVTF simulation data needs to be displayed at Instructor/Operator Stations (IOS). The DIS was 
created to assist in this problem. The DIS provides the IOS a logical view of the simulation by defining a meth- 
od of relating simulation terms to IOS page terms. However, the DIS in itself does not solve completely the 
problem of mapping physical Ada simulation terms to the IOS logical term. 

The SSVTF architecture encourages the use of partitions, classes, and class compositions. A class repre- 
sents a specific object and should not be aware of where it is used in the simulation — i.e., which other struc- 
tures (partitions, classes) may inherit it. However, there are Ada terms in the individual classes that may need 
to be visible at an IOS. How can these terms be registered in the DIS? 

A register symbol structure has been defined that can solve the problem. A class provides a procedure that 
registers Ada terms in the class with a symbol list. A structure which inherits the class (a parent) provides the 
class its name (the parent name) in the Create procedure. Thus, when class terms are registered in the sym- 
bol list the parentage is contained in the term name. In this manner, Ada terms within a class are registered 
with the symbol list. This provides a physical mapping of terms to simulation physical addresses. 

The specification for the Symbols package which manages the symbol list follows. 


with System; 
package Symbols is 


type Base_Types is (Integer, Real, Enum, Boolean) ; 






— ( Register associates an actual variable name with its type, address, and size. 
--I ** NOTE ** Register is only valid during Set_Up mode. 


-- | Parameters : 

--j Name: the full name of the variable 

-- \ Base_Type : the base type of the variable 

--| Tick_Address : the address of the variable 

__ [ ** Must use Variable' Address ** 

— i Tick_Size : the size in bits of the variable 

-_l ** Must use Variable' S ize ** 


I 


--J Exceptions Raised: 

-- | Duplicate_Name : raised if the same name is in the database 

— I Register Mode : raised if system Is not in Set_Up mode 


— 1 Example of how to use: 

— | Register (Name Parent & ".item*, 

— I Base Type => Symbols . Integer, 

— j Tick_Address => Inst ance . Item' Address, 

— j Tick_Size *> Instance . Item' Size) : 

*****»************************************************** 




procedure Register (Name : in String; 

Base_Type : in Base_Types; 

Tick_Address : in System. Address ; 

Tick Size : in Natural) ; 






Is Address is a function that returns the address of a registered symbol 
** NOTE ** Is Address also removes the symbol from the symbols database 


Parameter: 

Name : the full name of the registered variable 

Returns : 

Address : the address of the registered variable 


35 


--I Exceptions Raised: 

-- j Name_Not_Found : raised if the name is not in the database 

| *****★*******★***********★*********************♦************★****+**+****# 

function Is_Address (Name : in String) return System. Address; 


it************************************************************************** 

-- | Report is a procedure that prints the contents of the Symbol s_Table to a 
-- | data f ile . 

--| ** NOTE ** This routine is supplied for testing only, and should not be 

-- | called in real-time. 


-- 1 Parameter: 

— } Filename : the name of the output file 


Exceptions Raised: 

Those propagated by Text_Io. 




procedure Report (Filename : in String) ; 


t************************************************************************** 

Clear will remove all the remaining symbols from the Symbols_Table . 

** NOTE ** This routine should be railed by the partition in Set_Up, after aLl 
of the Dis. Connects have completed. 


-- 1 Parameter: 

-- i none 

— ! 

— I Exceptions Raised: 

— I Those propagated 

***********4r*************************************************************** 

procedure Clear; 


--{ Exceptions 


Name_Not_Found : exception; 

-- raised by Is_Address if the name is not currently in the database 
Dupl icate_Name : exception; 

— raised by Resister if the same name is currently in the database 
Regis ter_Mode : exception; 

— raised by Register if the system is not in Set_Up mode 


end Symbols; 


Abstract: Symbols is a service package that is used to associate 

variable names with their Type, Address, and Size 
attributes . 

How to use: 

for a Class (in the Create operation) 

call Symbols . Register for required variables 

for a Partition (in Set_Up) 

process all Class. Create operations 

call Symbols .Register for required partition symbols (optional) 
call Symbols .Report to show all registered symbols (optional) 
process all Dis. Connect operations 
call Symbol s .Clear to remove any unused symbols 
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Warnings : 


I 


The Register parameters Tick_Address and Tick^Size must 
be values that are the direct result of using the Ada 
Predefined Language Attributes P' Address and P'Size. 

A call to the Is_Address operation returns the address 
of the symbol, but also removes the symbol from the database. 


Now we need to map the physical address to the logical name registered in the DIS. This is achieved with 
the DIS.Connect_Term procedure. 


package DIS is 


procedure Connect^Term { Term : in Term_Id; -- DIS.Term_Id (Logical) 

Symbol : in String); Symbol .Register name 

(Physical) 


end DIS; 

In summary, the IOS logical view of the simulation is defined via the DIS and DIS_Defs packages. The physical 
address of simulation terms is captured via the symbol list (package Symbols). The two are joined via the 
DIS.Connect_Term procedure. 

The following figures depict how the logical to physical mapping works. The figure 4.5-1 provides code ex- 
cerpts of a partition, its associated DIS_Defs, and Class packages. The figure 4.5-2 provides a conceptual 
view of how the Set_Up procedure ties everything together. 
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package Partition; 


with Class_A, DiS, My_Defs; 
package body Partition is 
Zebra : Cl as s_A. Objects; 

procedure SetJJp is 
begin 
Class_A. Create 

(Instance => Zebra, 

Parent => ‘Partition. Zebra - 


D I S . Con nect_Term 

( Term => My_Pefs.VaJue_X, 
Symbol => ’Partition.Zebra.X" 
DIS.ConnectJTerm 

( Term => My JDefs. Value Jf, 
Symbol => "Partition. Zebra. Y“ 
DIS. ConnectJTerm 

{ Term => My^Defs. Command, 
Symbol => "Partition. Zebra. Cmd" 

end SetJJp; 

end Partition; 


with Other_Defs; 
package My_Def* is 

Va!ue_X ; constant DIS Term Jd 
DIS.Register_Term (Parent * 
Name 
TheJTag 
Users 

Value Jf : constant DIS Term Jd 
DIS. Register JTerm (Parent 
Name 
TheJTag 
UseFs 

Command : constant DIS.Term J 
DIS. Register JTerm (Parent 
Name 
TheJTag 
Users 

end MyJDefs; 


*> Other Defs.Sys, 

> "VaueJC, 

> DIS.FIoatJTag, 

> (1*> DIS. Look)); 

-> Other Defs.Sys, 

> "VauelY", 

:> DIS.IntegerJTag, 
>{1=> DIS. Look)); 
Id := 

> OtherJDefs.Sys, 

> "Command", 

:> DIS.EnumJTag 

> (l=> DIS.Look)); 


1 Symbol Ust 1 

Name Type Size 

Address 

I (Bits) jr | 

Partition. Zebra. X Real 32 

FACO 

Partilon. Zebra. Y Integer 32 

FAC4 

Partition. Zebra. Cmd Enum 8 

FACS 

Partition.Zebra.Dog.A Boolean 8 

FAC9 

Partition. Zebra. Dog. B Integer 32 

FACC 


package Cla*s_A is 

type Object is limited private; 

type Commands is (Set_Oty, Leak_Oil); 

procedure Create (Instance : in out Object; 
Parent : in String); 

procedure Request_State_Change 

(Instance : in out Object; 
Command : in Commands; 
Vai : in Integer); 

private 

type Object is 
record 
X ; Real; 

Y : Integer; 

Cmd : Commands; 

Dog : CIass_B.Object; 
end record; 

end Class_A; 


with Class_B, Symbols; 
package body C1 *m_A is 

procedure Report_Symbol$ 

(Instance : in out Objects; 
Parent : in String) is separate; 

procedure Create (Instance : in out Objects; 
Parent : in String) is 

begin 

Report_Symbols (Instance => Instance, 
Parent => Parent); 

— Make a class composition 
Class_B.Create (Instance => Instance.Dog, 
Parent *> Parent & " Dog”); 

end Create; 


separate (Class_A) 

procedure Report_Symbol« is 

(Instance : in out Objects; 

Parent : in String) is 

begin 

Symbols. Register (Name »> Parent & " X", 
BaseJType => Symbols. Real, 
Tick_Address -> In stance. X’ Address, 
Tjck_Size => Instance.X’Size); 

Symbols.Register (Name => Parent & “.Y", 
BaseJType => Symbols. Integer, 
Tick_Address => In stance. Y 1 Address, 
Tick_Size => Instance.Y’Size); 

Symbols.Register (Name «> Parent & " Cmd", 
BaseJType *> Symbols. Enum, 
Tick_Address => I nstance.Com’ Address, 
Tick^Size *> Instance.Com'Size); 
end ReporjSymbols; 




Figure 4.5-1 
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4.6. Datastore/lnitialization 


The following sections provide a textual description of datastore activities and requirements. The figures, at 
the end of this section, depict how a datastore is performed, where datastores are performed and how a return 
to datastore occurs, respectively. 

A datastore is an instructor initiated activity. The state of the simulation session is captured and saved to a 
disk file. The datastore may be saved and used in other simulation sessions. The datastore retains enough 
information to initialize the simulation to the same state at which the datastore was taken. 

4.6.1 Perform a Datastore 

The following steps are performed when a datastore is requested by the instructor. An instructor enters a 
datastore command along with some type of datastore ID. The IOS sends the datastore command and ID 
to RTSSW. RTSSW transmits the datastore command to all Ada mains and platforms (including APM and 
JEM). The session transitions to the Datastore mode synchronously. In the datastore mode, no data transfers 
occur except for those partitions responsible for communicating with hardware devices (to keep them from 
dropping off-line). The Datastore object, using the IOS Look-At technique and DIS, reads data from the simu- 
lation partitions (note that OBCS may be an exception to this method). The Datastore object buffers the data 
and writes it out to an ASCII disk file in records containing the fully qualified Ada DIS name, type, and value. 
RTSSW provides datastore status to SaC as required. Lastly, the session transitions to the Freeze mode, 
and RTSSW sends IOS the Freeze mode notification. 

4.6.2 Initialize to a Datastore 

The following steps are performed when an initialize to a datastore is requested. An instructor enters the ini- 
tialize to datastore command and corresponding datastore id. The IOS confirms the data entry and sends 
both the command and datastore id to RTSSW. The session transitions to the Initialization mode synchro- 
nously. The Datastore object opens the datastore file and reads the datastore data from disk. The Datastore 
object parses the datastore data and sends the datastore data to the appropriate partitions via mailbox mes- 
sages. Each partition reads its mailbox messages and self— initializes to its internal datastore values. The 
session then initializes to the datastore point during the system init mode. 

4.6.3 Partition Requirements 

For a partition to successfully be involved in a datastore event, the following rules must be adhered to: 

• Each datastore item must be registered in the DIS. 

• Each partition has a mailbox. 

• Each partition provides the software to process (input) the data from the mailbox. 

• Each partition provides a self— initialize routine to internally initialize to the datastore state. 


4.6.4 Datastore Notes 

RECON will not be dependent on the DIS to process datastore data. 

The datastore file will be ASCII to the extent practical. 

OBCS datastore (flight software terms) may be a special case. Due to the size and nature of the OBCS, the 
OBCS binary data may be handled in a differer* manner. OBCS will be responsible for the format of the binary 
data. OBCS data will probably be maintained own datastore file; the file name will correlate to the regular 

datastore file name/id. 

The datastore file(s) will have an id associating u. astore id, SGMT, and load id. RTSSW will create the datas- 
tore file name. A title and short description of the datastore will be entered by the instructor and placed in the 
datastore file. 
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CSIOP does not do a datastore to the CSIOP platform (the CSIOP interface agent in the Session Host pro- 
vides the CSIOP datastore data). 

SNS will do a datastore to the disk local to the SNS platform. The SNS datastore filename will correspond 
to the Session Host name for correlation by OSS/Recon in the datastore repository. 

Procedures are supplied (by RTSS W) to build and parse the mailbox headers for the datastore message data. 
(Refer to section 7.3 in Appendix I). 

The datastore data will be buffered by bytes, not by specific Ada data type. The Datastore object will supply 
the procedures necessary for converting the datastore information to the byte form. The return to datastore 
partition software will need to convert the 'bytes' to the appropriate Ada data type. 

On return to datastore, all the data for a partition will be buffered together in a single mailbox message. 



FREEZE mode, submode of Hold 
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RTSN 
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Note: Initialization to a Datastore/Safe- 
store will occur in an analogous man- 
ner on the SNS platform. 


Figure 4.6-3. Initialization to Datastore/Safestore 
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4.7. Safestore 


The following sections provide a textual description of safestore activities and requirements. Figure 4.7-1 
depicts how a safestore occurs. Figure 4.6-3 in the preceding section depicts a return to a safestore. 



Figure 4.7-1. Taking a Safestore 
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Safestore is taking a snapshot of the simu -tion - ronment at consist • intervals during the simulation run 

mode. The purpose of the safestore is for ?cove - lowing an expect termination of the simulation. A re- 
covery to a stable point before the termination o red can be accorr r shed by initializing first to the last 

datastore or initialization point and then applying o .e of the last four safestores. Note that a safestore set is 
much smaller than a datastore set. 

4.7.1 Perform a Safestore 

The Safestore interval defaults to 1 5 minutes. An instructor may set the safestore interval to a different value 
via the IOS. The IOS checks the validity of the specified interval and then transmits the valid safestore interval 
to RTSSW. Valid intervals range from a minimum of five minutes to a maximum of fifteen minutes in incre- 
ments of a minute. RTSSW sets the safestore interval as required/requested. Each partition produces safe- 
store messages at a consistent rate (minimum of 1 hertz). The safestore object determines the expiration 
of the safestore interval. The Safestore object collects all safestore messages from the partitions. The soft- 
ware backplane mechanism ensures that the safestore messages are time-homogeneous at the 1 hertz rate. 
The Safestore object buffers the data and outputs it to disk. 

4.7.2 Return to a Safestore 

The IOS receives a return to safestore comm nnd and safestore id from the instructor. The IOS sends RTSSW 
the return to safestore command and id. T' afestore object opens the safestore file and reads the safestore 
data from disk. The safestore object parses the data and places it in the mailbox for all appropriate partitions. 
Each partition processes (inputs) its mailbox message and self— initializes to the safestore state. 

4.7.3 Partition Requirements 

For a partition to successfully be involved ina safestore event, the following rules must be adhered to: 

• Register safestore messages with the software backplane. 

• Output safestore messages consistently at a minimum of 1 hertz. 

• Have a mailbox. 

• Process safestore data from the mailbox during a ’return to safestore’. 

• Self— initialize to the safestore state. 

4.7.4 Safestore Notes 

Four (4) safestores are maintained per training session. 

CSIOP does not perform a safestore. 

SNS does not perform a safestore. 

Propulsion. Environment, & GNC (on the Session Host) produce safestore data. 

Safestore files are not kept after a session is normally terminated. 

With safestore object on an asynchronous CPU, the safestore does not disturb the RMS algorithms. However, 
the safestore interval software interrupt may not be received immediately if the asynchronous CPU is ’busy’. 

An instructor may ’protect’ one of the four safestores during a session. The protected safestore will not be 
overwritten. 

The safestore interval object will need to be part of the onous simulation in order to be aware of sir i* 

tion modes (to reset after certain modes and not issut iterrupt during a “eeze). 

To reset to a safestore, first an initialization to the original .nitialization point (or datastore point) is performed 
followed by the application of the latest safestore. 
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On initialization to a new datastore point (or initialization point), previous safestores are essentially flushed. 
New safestores will relate to the current initialization point. 
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4.8. INTERFACE AGENTS 


4.8.1 INTRODUCTION 

This discussion of interface agents is limited to those innerface agents in the Full Task Trainer (FTT) of the 
Space Station Verification and Training Facility (SSVTF). In particular, this discussion is limited to interface 
agents that are hosted on assets with SVM. 

To aid in understanding what an interface agent is and what is does (and maybe get some inkling how an inter- 
face agent should do its work), the following background material about assets and interface agents is pro- 
vided. 


4.8. 1.1 What is an Asset ?? 

An asset is an SSVTF FTT hardware entity attached to the real-time simulation network (RTSN) which can 
be used as an element of a training session. Table 4.8-1 provides a list of the FTT assets and how many 
assets may be configured into a training session. An asset cannot be configured in more than one training 
session at a time. An asset may be configured into and out of an active training session. 


FTT 

Asset 

Class Name 

Asset 

Owner 

Total # 
of Asset 
Instances 

Min / Max # 
Configured in a 
Training Session 

Asset 

with 

SVM 

Asset 

without 

SVM 

RT Session 
Computer (RTSC) 

RTS 

2 

1 /I 

X 


SNS 

SNS 

1 

0/1 

X 


OTW Visual 

VIS 

1 

0/1 


X 

CCTV Visual 

VIS 

1 

0/1 


X 

IOS Work Station 

IOS 

14 

1/14 

X 


DMS String 
(with SIB) 

OBCS 

2 

1/1 


X 

C&T String 

USAD 

1 

0/1 


X 

Crew Station 

USA V 

3 

0/3 

X 


APM 

APM 

1 

0/1 

7 

?(X) 

JEM 

JEM 

1 

0/1 

7 

? (X) 

SMS 

SMTF 

1 

0/1 


X 


Table 4.8-1 FTT Assets within a Training Session 


Some assets contain the real-time system software (RTSSW) executive and communication environment 
known as the Simulation Virtual Machine (SVM). These assets include the RTSC, Crew Station host (CSIOP), 
and SNS. Since these assets contain the RTSSW environment, these assets are referred to as "assets with 
SVM” throughout this document. Some assets, such as IOS Work Stations, contain only the SVM commu- 
nication environment. In this document, there is no differentiation made between assets with SVM and asset 
with only the SVM communication environment; these assets will be treated alike. 

Most assets are black boxes which need to be stimulated in order to work properly in the FTT. Examples of 
these black box assets include the OTW and CCTV IGs and the DMS String. Since these assets do not con- 
tain the RTSSW environment, these assets are referred to as "assets without SVM" throughout this document. 

All assets have the ability to operate with other assets when configured into a training session. During this 
"integrated" or "configured" mode of operation, an asset may communicate with one or more other assets. 
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Some assets have an additional ability to operate by themselves (in a "standalone" mode of operation). These 
assets include the SNS, OTW and CCTV IGs, IOS Work Stations, DMS String, and SMTP (It is expected 
that the APM and JEM simulators will also have the capability of standalone operation.) 


4.8.1. 2 What is an Interface Agent ?? 

An interfanfi agent is the software that provides mo del da ta from one asset to another thrQuqh _fl. CQntTQ j l .ed 
interface . In essence, an interface agent provides an abstraction of its parent asset. The asset providing the 
interface agent is called the "parent asset”. The asset where the interface agent resides is called the host 
asset”. Note that the location of an interface agent (its host asset) depends on the parent asset’s requirements 
for integrated and standalone modes of operation and whether the parent asset is an asset with or without 
SVM; the general rule is that interface agents will only reside in assets with SVM. 

■ Figure 4.8-1 provides a simple example of an interface agent between two assets. In this figure, Asset B has 
m some need (requirement) to use some data produced by Asset A. (Let’s postpone discussions about imple- 
menting an interface agent until later.) In order to support Asset B’s need for data, Asset A employs an inter- 
face agent to provide Asset B with the required interface to Asset A. When Asset B needs some data produced 
by Asset A, Asset B uses the interface agent to get that data. Note that in this simple example, Asset B is 
an asset with SVM. 

■ Figure 4.8-2 provides a general association diagram of an interface agent (a non-IOS interface agent). In 
" this figure, the interface agent is effecting a pass-thru interface between its host asset (Asset A) and its parent 

asset (Asset B). The interface agent exchanges data with some of Asset A’s models (called Partition A, Parti- 
tion Y, and Partition Z). The interface agent receives malfunction and enter value requests from an IOS inter- 
face agent. The interface agent receives add/drop asset commands from its Platform Manager, and returns 
the asset add/drop status to both the Platform Manager and a Status and Control (SaC) agent. Note that in 
this example, Asset A is an asset with SVM. 

An interface agent may play one of two roles while controlling virtually all information transmitted between 
its parent asset and host asset. These two roles are: 

A. Simulating an asset that is not configured in the training session 

B. Effecting a pass-thru interface with an asset that is configured in the training session 

■ In a training session where a given asset is not present, as shown In Figure 4.8-3, the interface agent will 
simulate the interaction between the "missing" parent asset and the host asset at some fidelity (the minimum 
fidelity required for meeting the resource and consumable demands of the host asset). The fidelity of asset 
simulation will depend on the requirements imposed on and capabilities of the interface agent. (Note that the 
interface agent should use static values wherever possible when simulating its parent asset s interface.) 

■ In a training session where a given asset is present, as shown in Figures 4.8-4 and 4.8-5, the interface agent 
" will effect a high fidelity interchange between the "present” parent asset and the host asset. Note that Figure 

4.8-4 shows the communication path when both assets have SVM, and Figure 4.8-5 shows the communica- 



Figure 4.8-1 Simple Example of an Interface Agent 
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Figure 4.8-2 General Interface Agent Association Diagram 


Asset A 


Asset A 
Model 


data 

■''Asset B 
fotsrf&e 


data 

Agetk 


Asset B 


Asset B 
Model 



Asset A is configured in the training session. 
Asset A is an asset with SVM. 


Asset B is not configured in the training session. 
(Asset B may or may not be an asset with SVM.) 


figure 4.8-3 Interface Agent Playing Roll as Asset Simulation 


Figure 4.8-6 provides a general state diagram for an interface agent. On startup, the interface agent defaults 
to simulating the parent/host asset interface. An interface agent effects the pass-thru interface when the par- 
ent asset has been successfully integrated into the host asset’s training session. Allowing an interface agent 
to (easily) switch between the roles of an interface simulator and an interface stimulator provides for a well- 
controlled, constant interface relationship between the assets. 


■ Figure 4.8-7 shows a diagram of a better-detailed communication path between two assets with SVM when 
both assets are integrated in the same training session. Note that two interface agents are employed. 
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Asset A is configured in the training session. Asset B is configured in the (raining session. 

Asset A is an asset with SVM. Asset B is an asset with SVM. 

J Figure 4.8-4 Interface Agent Playing Role as Asset (with SVM) Stimulator 



Asset A is configured in the training session. Asset B is configured in the training session. 

Asset A is an asset with SVM. Asset B is an asset without SVM. 

figure 4.8-5 Interface Agent Playing Role as Asset (without SVM) Stimulator 



Figure 4.8-6 General Interface Agent State Diagram 
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— — ’’with” dependencies 

figure 4.8-7 General Interface Agents within Two Assets with SVM 
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4.8.2 INTERFACE AGENT GENERAL NOTES 


Rules 

1 . All output message types in a partition’s interface are defined via Interface Definition Types Packages. 
The Distributed Identifier Specification (DIS) creates identifiers (MessageJDs) for the messages 
listed in a partition's interface definition packages. The SVM communication software uses these mes- 
sage identifiers to determine the location of the output messages. A partition creates the actual output 
message object (the data itself) using the SVM communication software. Interfaces between partitions 
are effected by registering input and output identifiers with the SVM communication software. 

2. It is greatly desired that a training session should not stop when an asset goes down or goes improperly 
off-line. 

3. SGMT will be provided on demand from a generic clock model. 

Assumptions 

1 . Generally, do not mix data at different rates in the same message on the LAN. The idea here is to en- 
sure that high-rate data is not starved by waiting for low-rate data to be ready for transfer in the same 
data block. One simple work around is to issue the data block at the higher rate, and only update the 
low-rate data as necessary in the block. Of course, the receiver must be ready to deal with getting 
multi-rate data in a data block. 

2. An interface agent (or at least some part of an interface agent) will be packaged as (and treated like) 
a partition. An interface agent will register with SVM communication and executive software in the 
same manner as a partition. An interface agent can do sub-scheduling within itself where needed. 
(This capability for sub-scheduling within a partition may be provided by the SVM executive software.) 

3. Generally, there will be only one interface agent per asset class. The interface agent shall control virtu- 
ally all communication between the host asset and the parent assets. 

4. An interface agent is responsible for resolving word size or word definition differences between the host 
and parent asset via bit-fiddling, byte-swapping, or whatever other means are available to the inter- 
face agent. If the byte-swapping or bit-fiddling is a general problem of the asset interface (i.e., it’s a 
problem for every basic data type), then the Network Services part of Connectivity might be able to 
perform these actions on all data transferred across the interface. (Network Services will not be able 
to handle type-specific conversions - it’s all or nothing.) 

5. An interface agent helps to optimize FDDI packets (helps reduce amount of little packets sent across 
LAN), thus helping the RTSN and GP LAN to provide better response to every user. 

6. Mode transitions commands (from the master Platform Manager) should be "disabled” during asset 
add and asset drop activities. This will allow the asset to be added or dropped in a "stable" mode. Also, 
the master Platform Manager should not issue asset add and drop commands while a Datastore or 
Initialization is occurring. 

Other Notes 

All interface agents provide the following four main capabilities: 

1 . Simulating an asset interface 

2. Effecting pass-thru interface for an asset (with or without SVM) 

3. Adding an asset 

4. Dropping an asset 

Each capability is discussed at length in the following sections. Whether an interface agent is simulating an 

asset interface or effecting a pass-thru interface, it must still deal with the issues of communication, modes, 

malfunctions, and user-requested data entry. 
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4.8.3 INTERFACE AGENT FOR ASSET WITH SVM 


4.8.3.1 Simulating Interface 

4.8.3.1.1 Communication 

The interface agent shall use the SVM communication software to communicate with other partitions. No 
moding of the parent asset is performed during the asset interface simulation. 

During the startup phase, the interface agent must set up all communication paths (for simulation of the inter- 
face as well as effecting a pass-thru interface) before beginning its simulated interface behavior. This allows 
for a quick (and controlled) behavioral change into the pass-thru interface behavior when the parent asset 
is added. 

4.8.3. 1 .2 Moding 

The portion of the interface agent that Is periodic (the partition portion) shall respond to modes (just like a nor- 
mal partition). The interface agent’s particular interface modelling responsibilities depend on the required fi- 
delity of the interface simulation. Note that interface agents must read their mailbox, perform an asset add 
upon request, and return the success/fail status of the add to OSS (SaC) and the master Platform Manager. 
In the unlikely event that an asset drop is requested, the interface agent should return an error status (i.e., 
requested asset is not currently configured in training session) to both the OSS (SaC) and master Platform 
Manager. 

It is anticipated that interface agents (for assets with SVM) will not have to do anything for Step Ahead while 
simulating the interface. 

When the "simulated interface" contains data that should be Datastored, the interface agent must register 
each Datastore item with the DIS (via DIS-related packages). The interface agent must provide the software 
to process the return-to-datastore data from its mailbox. 

When the "simulated interface" contains data that should be Safestored, the interface agent must register 
each Safestore item with the DIS (via DIS-related packages) as well as with the SVM communication soft- 
ware. Interface agents must update these safestore terms at a minimum of once a second (at 1 hertz). The 
interface agent must provide the software to process the return-to-safestore data from its mailbox. 

Upon entering TERMINATE mode, an interface agent should stop simulating the asset interface. (Essentially, 
the interface agent should quit.) There is no requirement for an interface agent to shutdown its parent asset 
when the asset is not configured in the training session. 

4.8.3.1 .3 Malfunctions 

When the "simulated interface" contains data that is affected by malfunctions, the interface agent must regis- 
ter each malfunction with the DIS (via DIS-related packages). An interface agent must provide the software 
to effect the malfunction in the simulated interface. An interface agent should inform the IOS when a malfunc- 
tion request (for the simulated interface) cannot be serviced. 

In the event that some malfunction is processed by both the interface agent (during interface simulation) and 
its parent asset (when configured in the training session), the interface agent shall issue that malfunction re- 
quest to its parent asset. 

Maybe malfunctions shouldn't be handled (anything really done) by Interface agent when it is simulating the 
asset interface: Why should an interface agent care about malfunctioning something in a low-fidelity interface 
?? 

Maybe the interface agent (for a parent asset with SVM) won't have to deal with malfunction logic: the IOS 
may not allow selection of malfunctions which are hosted (belong to) an asset with SVM which isn 1 configured 
into the training session. 

4.8.3. 1 .4 User-Requested Data Entry 
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When the "simulated interface" contains data that can be over-written by an instructor or operator (via user- 
requested data entry), the interface agent must register each item (targeted for a controlled value override) 
with the DIS (via DIS-related packages). An interface agent must provide the software to enter the user-sup- 
plied data (from its mailbox) to the simulated interface. An interface agent should inform the IOS when an 
enter value request cannot be serviced. 


4.8.3.2 Effecting Pass-Thru Interface 

4.8.3.2.1 Communication 

The interface agent shall use the SVM communication software to oommunicate with other partitions. The 
communication paths do not need to be set up at this point, since they were set up during the startup phase. 

4.8.3.2.2 Moding 

All mode transition commands (including requested mode and mode-specific parameters) shall be sent di- 
rectly from the master Platform Manager to the asset’s Platform Manager; the interface agent is not involved 
with this message transfer. (Note that each asset with SVM shall have a Platform Manager.) 

The portion of the interface agent that is periodic (the partition portion) shall respond to modes (just like a nor- 
mal partition). The interface agent’s particular interface modelling responsibilities depend on the required fi- 
delity of effecting the pass-thru interface. Note that interface agents must read their mailbox, perform an as- 
set drop upon request, and return the suocess/fail status of the drop to OSS (SaC) and the master Platform 
Manager. In the unlikely event that another asset add is requested, the interface agent should return an error 
status (i.e., requested asset is not currently configured in training session) to both the OSS (SaC) and master 
Platform Manager. 

It is anticipated that interface agents (for assets with SVM) will not have to do anything for Step Ahead while 
effecting a pass-thru interface. 

Since models within the asset shall register Datastore and Safestore terms (local to that asset), the interface 
agent will not have to do anything for Datastore or Safestore. While effecting a pass-thru interface, the inter- 
face agent will not have to update its "simulated interface" data terms. 

4.8.3.2.3 Malfunctions 

For an asset with SVM, the interface agent is not required to register malfunctions (as long as the interface 
agent does not have to malfunction the "simulated interface"). 

In the event that some malfunction is processed by both the interface agent (during interface simulation) and 
its parent asset (when configured in the training session), the interface agent shall issue that malfunction re- 
quest to its parent asset, upon request by the IOS. 

4.8.3.2.4 User-Requested Data Entry 

For an asset with SVM, the interface agent is not required to register data items targeted for a controlled value 
override. 

4.8.3.3 Adding Asset 

The master Platform Manager (Asset Manager), upon command from the OSS, will issue an "Add Asset" re- 
quest to the interface agent. This request will identify which asset instance (i.e., which unique asset) should 
be added into the training session. An asset may be added only during FREEZE and RUN modes. Note that 
prior to issuing the "Add Asset” request, the master Platform Manager will have ensured (with OSS SMaCT 
or SaC help ?) that the asset has successfully completed its Startup Activity (including the PROGRAM ELAB- 
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ORATION, SETUP/REGISTER I/O, and CREATE DATA steps) and that it’s communicating on the RTSN. 
The master Platform Manager shall also be responsible for ensuring that an asset add will not occur during 
a Datastore operation. The interface agent should be simulating the asset interface at this time. 

Responses of interface status (Asset Add successful, Asset Add failed, etc.) during an Asset Add shall be sent 
from the interface agent to both SaC and the master Platform Manager (Asset Manager). 

When adding an asset during run, one-way communication is first established with the asset. Data is passed 
to the asset so that it can initialize itself with the ongoing simulation. When everything is synchronized and 
it is time to join the asset to the simulation, the communication becomes two-way and the interface agent acts 
as a pass-thru for the data transfer. 

When a new asset is being added, there may be a need for a "controls not in agreement’ capability, this would 
involve the IOS, the interface agent, and the actual asset. This capability would allow the asset to be "in config- 
uration" prior to being added so that a large jump would not be detected when they were actually added (if 
the asset was not near the current simulated configuration). [Aside: according to SET team, we will ignore 
the controls not in agreement capability.] 

4.8.3.4 Dropping Asset 

The master Platform Manager (Asset Manager), upon command from the OSS, will issue a "Drop Asset" re- 
quest to the interface agent. This request will identify which asset instance (i.e., which unique asset) should 
be dropped from the training session. An asset may be dropped only during FREEZE, RUN and TERMINATE 
modes. The master Platform Manager shall be responsible for ensuring that an asset drop will not occur dur- 
ing a Datastore operation. The interface agent should be effecting a pass-thru interface at this time. 

Responses of interface status (Asset Drop in progress, Asset Drop successful, Asset Drop failed, etc.) during 
an Asset Drop shall be sent from the interface agent to both SaC and the master Platform Manager (Asset 
Manager). 
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4.8.4 INTERFACE AGENT FOR ASSET WITHOUT SVM 


4.8.4. 1 Simulating Interface 

4.8.4.1.1 Communication 

The interface agent shall use the SVM communication software to communicate with other partitions. No 
moding of the parent asset is performed during the asset interface simulation. 

During the startup phase, the interface agent must set up all communication paths (for simulation of the inter- 
face as well as effecting a pass-thru interface) before beginning its simulated interface behavior. This allows 
for a quick (and controlled) behavioral change into the pass-thru interface behavior when the parent asset 
is added. 

4.8.4.1 .2 Moding 

The portion of the interface agent that is periodic (the partition portion) shall respond to modes (just like a nor- 
mal partition). The interface agent’s particular interface modelling responsibilities depend on the required fi- 
delity of the interface simulation. Note that interface agents must read their mailbox, perform an asset add 
upon request, and return the success/fail status of the add to OSS (SaC) and the master Platform Manager. 
In the unlikely event that an asset drop is requested, the interface agent should return an error status (l.e., 
requested asset is not currently configured in training session) to both the OSS (SaC) and master Platform 
Manager. 

It is anticipated that interface agents (for assets without SVM) will not have to do anything for Step Ahead while 
simulating the interface. 

When the "simulated interface" contains data that should be Datastored, the interface agent must register 
each Datastore item with the DIS (via DIS-related packages). The interface agent must provide the software 
to process the return-to-datastore data from its mailbox. 

When the "simulated interface” contains data that should be Safestored, the interface agent must register 
each Safestore item with the DIS (via DIS-related packages) as well as with the SVM communication soft- 
ware. Interface agents must update these safestore terms at a minimum of once a second (at 1 hertz). The 
interface agent must provide the software to process the return— to-safestore data from its mailbox. 

Upon entering TERMINATE mode, an interface agent should stop simulating the asset interface. (Essentially, 
the interface agent should quit.) There is no requirement for an interface agent to shutdown its parent asset 
when the asset is not configured in the training session. 

4.8.4.1 .3 Malfunctions 

When the "simulated interface’ contains data that is affected by malfunctions, the interface agent must regis- 
ter each malfunction with the DIS (via DIS-related packages). An interface agent must provide the software 
to effect the malfunction in the simulated interface. An interface agent should inform the IOS when a malfunc- 
tion request (for the simulated interface) cannot be serviced. 

The IOS shall send malfunction requests to the interface agent (in accordance with the malfunction’s DIS reg- 
istration). During RUN and FREEZE modes, the interface agent shall read its mailbox and effect malfunction 
(for the simulated interface) as required. 

In the event that some malfunction is processed by both the interface agent (during interface simulation) and 
its parent asset (when configured in the training session), the interface agent shall issue that malfunction re- 
quest to its parent asset. 

4.8.4.1 .4 User-Requested Data Entry 

When the "simulated interface’ contains data that can be over-written by an instructor or operator (via user- 
requested data entry), the interface agent must register each item (targeted for a controlled value override) 



with the DIS (via DIS— related packages). An interface agent must provide the software to enter the user-sup- 
plied data (from its mailbox) to the simulated interface. 

The IOS shall send enter value requests to the interface agent (in accordance with the data item's DIS regis- 
tration). During RUN and FREEZE modes, the interface agent shall read its mailbox and process the enter 
value requests (as allowed by the peculiar capabilities provided by the asset without SVM). The interface 
agent shall inform the IOS when an enter value request (for the simulated interface) cannot be serviced. 


4.8.4.2 Effecting Pass-Thru Interface 

4.8.4.2.1 Communication 

The interface agent shall use the SVM communication software to communicate with other partitions. 

During the startup phase, the interface agent must set up all communication paths (for simulation of the inter- 
face as well as effecting a pass-thru interface) before beginning its simulated interface behavior. This allows 
for a quick (and controlled) behavioral change into the simulated interface behavior when the parent asset 
is dropped. 

4.8.4.2.2 Moding 

When an asset without SVM is integrated, its interface agent must deal with mode transition logic: it should 
know how to "mode" its parent asset. In a sense, the interface agent acts as a pseudo-Platform Manager 
for the asset. 

During INITIALIZATION (including Self Init and System Init) the interface agent shall receive initialization data 
from its mailbox and apply it to the host-to-parent transfer buffers (as appropriate). Thus, the interface agent 
shall stimulate asset so that it receives and processes the initialization data until the asset reaches a steady 
state. 

During FREEZE (and HOLD and STEP AHEAD), the interface agent must keep the asset running (either con- 
tinue data transfers, or command the asset to freeze). In some cases, additional messages may be sent to 
trick asset into its "freeze" logic. Despite the method used, the interface agent should take care of all special 
processing to ensure that the asset is frozen when the training session enters FREEZE. 

The interface agent must register all necessary DATASTORE terms with the DIS. These terms should be 
terms within the asset's pass-thru interface or derived from data within the asset’s pass-thru interface. 

During RUN, the interface agent should communicate with its asset as required to effect the pass-thru inter- 
face. On a FREEZE to RUN transition, the interface agent should take care of all special processing to ensure 
that the asset begins interface processing when the training session enters RUN mode. 

If required, the interface agent must register all necessary SAFESTORE terms with the DIS. Note that it is 
not generally expected that assets without SVM will have safestore data. 

4.8.4.2.3 Malfunctions 

The interface agents must register all malfunctions for its parent asset. This is necessary since the parent 
asset is unable to register malfunctions by itself. Each malfunction must be registered with the DIS. 

The IOS shall send malfunction requests to the interface agent (in accordance with the malfunction's DIS reg- 
istration). During RUN and FREEZE modes, the interface agent shall read its mailbox and malfunction the 
asset as required . The interface agent must know how to effect malfunctions on its parent asset. The interface 
agent shall inform the IOS when a malfunction request cannot be serviced. 

4.8.4.2.4 User-Requested Data Entry 

The interface agent must register each data item (targeted for a controlled value override) with the DIS. This 
is necessary because the parent asset is unable to register these terms by itself. 
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The IOS shall send enter value requests to the interface agent (in accordance with the data item's DIS regis- 
tration). During RUN and FREEZE modes, the interface agent shall read its mailbox and process the enter 
value requests (as allowed by the peculiar capabilities provided by the asset without SVM). The interface 
agent shall inform the IOS when an enter value request cannot be serviced. 


4.8.4.3 Adding Asset 

The master Platform Manager (Asset Manager), upon command from the OSS, will issue an "Add Asset" re- 
quest to the interface agent. This request will identify which asset instance (i.e., which unique asset) should 
be added into the training session. An asset may be added only during FREEZE and RUN modes. Note that 
prior to issuing the "Add Asset" request, the master Platform Manager will have ensured (with OSS SMaCT 
or SaC help ?) that the asset has successfully completed its Startup Activity (whatever this means for the asset 
without SVM) and that it's communicating on the RTSN. The master Platform Manager shall also be responsi- 
ble for ensuring that an asset add will not occur during a Datastore operation. The interface agent should be 
simulating the asset interface at this time. 

Responses of interface status (Asset Add successful, Asset Add failed, etc.) during an Asset Add shall be sent 
from the interface agent to both SaC and the master Platform Manager (Asset Manager). 

When adding an asset during run, one-way communication is first established with the asset. The interface 
agent shall deal with foreign connections, as required. Data is passed to the asset so that it can initialize itself 
with the ongoing simulation. When everything is synchronized and it is time to join the asset to the simulation, 
the communication becomes two-way and the interface agent acts as a pass-thru for the data transfer. 

When a new asset is being added, there may be a need for a "controls not in agreement" capability, this would 
involve the IOS, the interface agent, and the actual asset. This capability would allow the asset to be "in config- 
uration" prior to being added so that a large jump would not be detected when they were actually added (if 
the asset was not near the current simulated configuration). [Aside: according to SET team, we will ignore 
the controls not in agreement capability.] 

4.8.4.4 Dropping Asset 

The master Platform Manager (Asset Manager), upon command from the OSS, will issue a "Drop Asset" re- 
quest to the interface agent. This request will identify which asset instance (i.e., which unique asset) should 
be dropped from the training session. An asset may be dropped only during FREEZE, RUN and TERMINATE 
modes. The master Platform Manager shall be responsible for ensuring that an asset drop will not occur dur- 
ing a Datastore operation. The interface agent should be effecting a pass-thru interface at this time. 

Responses of interface status (Asset Drop in progress, Asset Drop successful, Asset Drop failed, etc.) during 
an Asset Drop shall be sent from the interface agent to both SaC and the master Platform Manager (Asset 
Manager). 

If a hardware device is attached, the interface agent may need to shutdown that device as part of the asset’s 
drop procedure. 
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4.9. Asynchronous I/O 

Asynchronous I/O provides rss) — time disk i/o operations for real-time models. Disk i/o operations are usually 
time consuming operations. The calling model must wait for the i/o operation to complete before it can contin- 
ue processing. In 3 real— time simulation, such i/o delsys csuse overruns to occur snd csn not be tolerated. 
However, asynchronous i/o permits real-time models to ’post' i/o operations to a shared memory 3re3. A 
partition in the asynchronous processor which is not bound by real-time time constraints processes the 
posted i/o operations. The re 3 l-time model making the request picks up the result of the i/o request on a sub- 
sequent execution. For the model, the time consumed for i/o operations is that for memory to memory data 
transfers which is much more efficient than memory to/from disk dsts transfers. 

Asynchronous I/O permits a real-time model to open a file for read access or write access, not both simulta- 
neously. The dsts is accessed ss in stresm i/o. Sequential reads/writes of dsts in terms of bits/bytes is per- 
formed. The model is responsible for file formst snd dsts type informstion. 

Real-time spplicstion models requiring disk sccess use the services of the Resltime_lo pscksge. Resl- 
timejo operations post i/o requests in a shsred memory buffer sres. Several models, within the ssme or 
different CPUs, msy mske resl-time i/o requests. Built into CPU 0 is Async_lo_Psrtition. Async_lo_Psrtition 
scans the shared memory buffer area for i/o requests and processes them appropriately (see figure 4.9-1 ). 

Models requiring disk i/o should with package Realtime_IO. For each file that is to be operated on simulta- 
neously, the model should Register a buffer area specific to the file in Set_Up. Update should be called in 
each simulation mode until a Status of Registered is received. Once the buffer for a file has been registered, 
the file may be opened (Open) or created (Create). Update should be called until a Status of Opened or 
Created is returned. Before data is read, a check should be made Censure There_ls_Data_For the read and 
that the End_Of_File has not been reached. The Read may then be performed. Again Update should be called 
before the next call to any Realtime Jo service. Similarly, for a write, a check should be made to ensure 
ThereJs_Room_For the data to be written in the buffer area for this file. The Write may then be performed 
and a call to Update made before another Realtime Jo operation is made. The file may be closed (Close) or 


Shared Buffer Area 



| Figure 4.9-1 Asynchronous I/O Overview 
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deleted (Delete) following the completion of all requested read or write operations. Once a file has been 
closed or deleted, the Realtimejo object may be used to operate on another file. 

The Async_lo_Partition processes i/o operations posted by the RealtimeJO package. Async_IO_Partition 
executes at 1 hz. Thus, several i/o requests may have been posted by real-time models between 
Async_IO_Partition executions. Async_IO_Partition scans the shared memory buffer areas and processes 
any posted i/o operations. The response to a Realtime_lo call is not completed until Async_IO_Partition has 
executed. A requesting model may have to call RealtimeJo.Update several times before it receives a com- 
pleted status. However, Reads may be done by the real-time model until its buffer area is depleted without 
an execution by Async_IO_Partition; similarly, writes may be performed until the buffer for the file is full without 
an execution by Async_IO_Partition. 

The Realtimejo package spec follows: 


with System; 

with Io_Except ions; 

package Realtime_Io is 

— I 

type File_Type is limited private; 

--! 

type File_Mode is (In_File, Out^File) ; 


type File_Size is (Small, Large); — estimated buffer size needed 


— I 

type File_Status is 


(None, Error, Registering, Registered, Creating, 
Created, Opening, Opened, Writing, Written, 

Reading, Read, Closing, Closed, Deleting, Deleted) ; 


— | Register: allows use of other Realtime^Io routines. 

— I 

-- | *** Register must be the first Realtime^ IQ routine *** 
— j *** called. It must be called during Set_Up. *** 


procedure Register (File : in out File_Type; 

Mode : in File_Mode Out_File; 

Size : in File Size Small); 




--j Update: allows Realtime_IO to update the File object. 

— j *★* Update must be the first Realtime_IO routine *** 
__l *** called in a given period for all modes other *** 
--i *** than Set_Up. *** 


procedure Update (File : in out File_Type); 


— | Destroy: Kills an instance of File_Type. 

— I 

— | *** Must call Register to use this instance again. *** 


procedure Destroy (File : in out File_Type); 


— I Create: creates a disk file of the supplied Name. 
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procedure Create (File : in out File_Type; Name : in String); 


— | Open: opens a disk file of the supplied Name, 
procedure Open (File : in out File_Type; Name : in String); 


— | Close: closes the currently opened file. 


procedure Close {File : in out File_Type); 


-- | Delete: deletes the currently opened file; 


procedure Delete (File : in out File_Type); 


— | Read: reads data from the currently opened file. 


procedure Read (File : in out File_Type; 

Address : in System . Address; 

Size In Bits : in Natural); 


— I Write: writes data to the currently opened file. 


procedure Write (File : in out File_Type; 

Address : in System . Address; 

Size In Bits : in Natural) ; 


--I Selector Functions 


function Mode (File : in File_Type) return File_Mode; 
function Name (File : in FileJType) return String; 
function Status (File : in File_Type) return File_Status; 
function End_Of_File (File : in FileJType) return Boolean; 

function There_Is_Room_For (File : in FileJType; Number_Of_Bits : in Natural) return 
function There Is Data For (File : in FileJType; Number J5f_Bits : in Natural) return 


-- | Exceptions this package can raise 


Name_Error 

Use_Error 

$tatus_Error 

Mode_Error 

Device_Error 

End_Error 

Data Error 


exception renames 
exception renames 
exception renames 
exception renames 
exception renames 
exception renames 
exception renames 


Io_Except ions . Name_Error; 
Io_Except ions . Use_Error; 
Io_Except ions . Status_Error; 
Io_Except ions . Mode__Error; 
Io_Except ions . Device_Error ; 
Io_Except ions . End_Error; 
Io_Except ions , Data_Error; 


Mismatch JSrror : exception; 


private 

type State; 

tyce File_Type is access State; 
end Realtime_Io; -- package spec 


Boolean 
Boo lean 
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This package provides a real-time interface for models wanting 
real-time write capabilities. 

Async_Io_Part ition and Realtime_Io are co-programs. 

Realtime_Io loads data into a shared buffer_area and 
Async_Io_Part it ion processes that data. 
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5. NON-REAL-TIME SECTION 


5.1. Overall Structure 

| <To be finalized in later revision> 

Non-real-time (NRT) components are constructed in a manner similar to real-time (RT) components. Since 
the NRT system doesn’t require the RT Thread Executive, messaging mechanisms are a little more relaxed 
(see section 5.4.1). Missing from NRT components are requirements to have “Update" or “Re- 
quest_State_Change" operations or Interface Definition Packages. Updating of components is accom- 
plished entirely by the controlling component (Operational Component) calling operations of subordinate 
instances (See Fig 5-1 — Structural View of an Operational Component). 

5.2. Classes and Instances 

| <To be finalized in later revision> 

Like the previous section, all instances exist via creation from ADTs or Generic ADTs. 

5.3. Inheritance and Composition 

| <To be finalized in later revision> 

Both inheritance and composition of objects have played a large role in the analysis of our systems. To convert 
this effort to Ada, we must address the needs of efficiency and maintainability, as well as the need to satisfy 
object-oriented approaches. 

Composition is fairly straightforward, needed classes are “WITHed", then objects are declared within the 
structure of the newer class. 

Inheritance is another matter completely. There are several documented forms of accomplishing inheritance 
using Ada — each has their advantages and disadvantages. 

The approach used by Grady Booch [Booch 91 ] is what we will be using for the SSVTF. Although more wordy 
that other approaches, it lends itself to the easiest maintenance (and easiest migration should we go to Ada 
9X, the next version of Ada). There are several other methods to accomplish inheritance, and it is worth inves- 
tigation by the curious. For further reading on alternate approaches to inheritance, see [Atkinson 91 ], [Hirasu- 
na 92], [Perez 88], or [Seidewitz 92]. 

Grady Booch states, "In practice, we find it common to design as if inheritance were possible, then use a vari- 
ety of implementations to fake it if the language does not directly support inheritance." [Booch 91 ] This is ex- 
actly the case for SSVTF using the current version of Ada. In order to support inheritance in it’s simplest form, 
we will use packages built from the class structures (or possibly generic class structures) defined in section 
5.5 "Templates and Guidelines” along with "pass-through” calls. See Appendix III, Create operation, Les- 
son_Class package for an example of "pass-through” calling. 

5.4. Operational Components 

| <To be finalized in later revision> 

Operational Components represent the "main” program in Ada. This is typically an ASM (called from a proce- 
dure) that controls all instances of classes - much like the real-time Partition. 

5.4.1 Communicating with Other Operational Components/Partitions 

| <To be finalized in later revision> 

There are three mechanisms by which Operational Components may communicate: file exchanging, utilizing 
the real-time interface, or POSIX Interprocess Communication. Each mechanism has it's benefits and draw- 
backs, which will be explained in detail in the next sections. 
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5.4.1. 1 File Exchanging 

<To be published in next revision> 

5.4.1. 2 Utilizing the Real-Time Interface 
<To be published in next revision> 

5.4.1. 3 POSIX Interprocess Communication 
<To be published in next revision> 

5.5. Templates and Guidelines 

The following example is intended to be used as a prototype template for building ADTs in non-real-time sys- 
tems: 

with Std_Eng_Types ; 

package Non_Real_Time_Template_Class is 

package SET renames Std_Eng_Types ; -- Simplifies Parameter names 
type Valve_State is (Open, Closed); 

type Object is limited private; — limited private is preferred. 

-- private may be used, 

— unprotected types require SRB approval 

************************* Modifiers ***************************** — 

procedure Create (Instance : in out Object); 

— AVOID using generics if this form can be used to parameterize 
the object. 

procedure Destroy {Instance : in out Object) ; 
procedure Set_Valve (Instance : in out Object; 

To : in Valve_State) ; 

procedure Set_Pressure (Instance : in out Object; 

To " : in SET.Psi); 

************************* Selectors ***************************** — 

— NOTE: These are only examples. Note that all operations here 
return primitives. A primitive is either a non-numeric 
type defined in package Standard, a previously declared 
enumerated type within this specification, or a type 
defined inside the package Std_Eng_Types . 
function Valve_Is_Open (Instance : in Object) return Boolean; 

function Pressure_Of (Instance : in Object) return SET.Psi; 

private 

type State; 

type Object is access State; — Note that the "attributes' of the object 

-- are invisible in the specification! 
end Non_Rea 1_ Ti me_ Temp lateClass ; 
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7 APPENDIX I - ADA STRUCTURAL TEMPLATES 

The following templates show the general Ada structural form for the class structures and partitions. 

7.1 Class Template 

The following example is intended to be used as a template for building ADTs in real-time systems. The ADT 
package exports an object of type ’Object’ and operations on that object. The operations are divided into 4 
major categories - create, request state change, update, and selectors. The create is used to elaborate/ini- 
tialize an instance. Request state change procedure(s) provide the capability of aperiodically modifying an 
instances state (such as the insertion of malfunctions or providing reset values). The Update procedure(s) 
iterate the instance of time. The selectors provide access to values held within the internal state of the 
instance. 


with Std_Eng_Units ; 
package <name>_Ciass is 

package Seu renames Std_Eng_Units; --Simplifies parameter names, 
cype Object is limited private; — Limited private is preferred, 

type Commands is (Reset, Maifl, Malf2, etc); 

******************************* Modifiers ******************************** 


procedure Create (Instance 

in 

out 

Object; 

Opt_Conf ig_Varl 

in 


Seu . Feet ; 

Cpt_Conf ig_Var2 

in 


Seu . Psi ; 

Parent 

in 


String) ; 

procedure Request_State_Change 




( Instance 

in 

out 

Object ; 

Command 

in 


Commands ; 

Input_l 

in 


Seu. Feet : = 0. 

Input_2 

in 


Seu .Psi : = 0 J 

— Used to modify the state of the instance. Operat 

-- aperiodically (i.e. applying a 

mal function) . 

procedure Update (Instance 

in 

out 

Object ; 

Del ta_Time 

in 


Seu . Seconds ; 

Input_One 

in 


Seu , Feet ; 

InputJTwo 

in 


Seu . Psi ) ; 


performed 


******************************* 


Selectors 




function Is_Selectorl (Instance : in Object) return Boolean; 
function Is_Selector2 (Instance : in Object) return Seu. Feet; 


private 


type Object is 
State_Var_l 
3tate_Var_2 
State_Var_3 
end record; 


record 
: Seu. Feet 
: Seu.Psi 
: Boolean 


= 0 . 0 ; 

= 1 . 0 ; 

= False; 


— Note: Always supply 

default values. 


end <name>_Class ; 


I Abstract : This is a general template form for a class structure. Class 

j structures should have this form in general when implemented. 

I The actual class may have different routines, but each class 

I should have Create, Request_Stace_Change, Update, and selector 

I routines that basically follow this pattern. This pattern will 

I provide consistency for the software implementation of class 
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package body <narne>_CIass is 

— ******************************************+************+*********,******** 


procedure Create (Instance 

in out 

Obj ect ; 

Opt_Conf ig_Va ri . 

in 

Seu . Feet ; 

Opt _Co n f i g_Va r 2 

in 

Seu . Psi ; 

Parent 

in 

String) is 

begin 

null; -- set up/ i nit code goes here. 


end Create; 

********************************** 

t*****t*t**tH»****tMt*******n*t*t***» 

proc ed u re Reques t _S t a t e_Cha nge 

(Instance 

in out 

Obj ect; 

Command 

in 

Commands ; 

Input_l 

in 

Seu.Feet 0.0; 

Inpuc_2 

in 

Seu.Psi := 0.0} is 


begin 


case Command is 

when Resec => --reset code goes here, 
when Malfl => --malf 1 insertion goes here, 
when Malf 2 => --malf 2 insertion goes here, 
when . . „ ; 
end case; 

end Request _State_Change ; 

************************************************ * * * * * * ******************** 

procedure Update (Instance : in out Object; 

Delta_Time : in Seu. Seconds; 

Input_One : in Seu.Feet; 

Input_Two ; in Seu.Psi) is 

begin 

null; — update code goes here, 
end Update; 

— ************************************************************************** 

function Is_Seiectorl (Instance : in Object) return Boolean is 

begi n 

return Instance . State_Var_3 ; 
end Is_3elec tori ; 

— ************************************************************************** 

function Is_Selector2 (Instance : in Object) return Seu.Feet is 

begin 

return Instance . State_Var_l ; 
end Is_Selector2 ; 

end <name>_CIass ; 
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7.2 Class Template With Computed Period 


The following class template is similar to the class template shown above except for the addition of a com- 
puted period capability. This capability allows an instance to be configured to run at a slower harmonic rate 
than the parent and at a relative period offset from the parent. This structure may be required if varying rate 
objects are placed under one rate-monotonically scheduled partition. This should be used in exceptional 
cases only Note that this form will cause the partition modeler to perform manual period-leveling within the 
scope of the partition. The worst case period must then be used for RMS time allocations. 

Two data types are provided in 'Timer_Services_Class'’ (8.5) that support this option - "Rates" and "Peri- 
od_Offsets". In the "Create" operation of the class structure, three parameters are shown - "Subrate’. "Peri- 
od_Base_Time”, and "PeriodjCffset" "Subrate" specifies the rate relative to the parent base rate that the 
instance should update. The default value is "full” so that if the user does not want to use subrate scheduling, 
nothing has to be encoded and the instance will work normally. Any value passed in other than "full” will enable 
the subrate scheduling feature. "Period_Base_Time”isthebaseperiod rateof the parent (i.e. the RMS sched- 
uled period of the partition in seconds). ”Period_Offset” is the Nth period relative to the parent base period 
that the instance should update. This number is valid from 1 to (1 /rate) of the subrate (i.e. 2, 4, 8, 16, 32, or 
64). 

For example: Assume a partition's base RMS period is 25 Hz (40 ms). If an object instance within the partition 
needs to run at a period of about 6 Hz (1 60 ms) or "quarter” rate, then the instance would be created using 
the following code segment: 


Class . Create (Instance => Instance, 

Subrate => Quarter, 

Per icd_Base__Time r> 0.04, 

Per iod_Of f set => 3); 


The period offset of 3 would cause this instance to update on the third period of every consecutive 4 period 
cycles from the parent. ** Note that internally the class does not update using a counter (count 1. 4, on 3 
execute) - the update is performed based on delta time. This addresses the concern that if the parent "jumps 
ahead in time”, the object will update based on that jump time, not the base period and count. The concept 
of passing delta time still applies completely. 

For this template, the partition must run at the fastest rate required by the entire system. A service package, 
Timer_Services_Class (8.5), is used to provide the mechanism to run class instances defined by the partition 
at a slower, harmonic relative rate. Using this mechanism, there are no issues at the first level of class com- 
position below the partition level. However, for composition elements past the first level, several scheduling 
and timing issues arise. The recommendations are that only the first level below the partition be subsche- 
duled, and that if odd scheduling rates are required, the model should be flattened to address the real-time 
execution concerns. 


with 3td_Eng_Uni ts ; 

wich Timer_Services_Class ; 

package <name>_Class is 

package Sen renames Std_Eng_Uni ts ; --Simplifies parameter names. 

package Services renames Timer_Services — Class ; --Simplifies names 

type Object is limited private; — Limited private is preferred. 

type Commands is (Reset, Malfl, Malf2, etc); 

procedure Create (Instance ; in out Object; 

Qpt_Conf ig_varl : in Seu.Feec; 

Opt_Conf ig_var2 : in Seu.Psi; 

Parent *. in String; 
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— 5 icraCc sc he d u 
3 u craze 

Peri od_3ase_? i me 
Feriodipr fset 


"3 opt 
in 


r. parameters : -- 
Services . Paces 
Seu . Seconds 

Services . Per iod_Of f sets 


Services .Full ; 

0 . 0 ; 



private 

type Object 
Timer 


is record 

: Servi res .Object; 


--Subrate schedule instance 


end record; 
end <name>_Class; 


Abs^raut : This form of the class structure allows instances to run at 
slower harmonic rates from the calling model. This form will 
an instance to run slower than the parent and at a 
specified period offset from the parent. Note that the 
instance must be able to complete within the period of the 
parent! Note also that at Create, the timing parameters are 
defaulted to update at the same (Full) rate of the parent. 

Wa mi ngs : No ne . 


package body <name>_Class is 


procedure Create (Instance 

Opt_Conf ig_Varl 
Opt_Conf ig_Var2 
Parent 
Subrate 

Peri od_Ba s e_Ti me 
Period_0f fset 

begin 


* ***+*****#*♦*************,********** 

in out Object; 
in Seu.Feet; 

in Seu.Psi; 

in String; 

in Services .Rates Services . Full 

in Seu. Seconds : = 0.0; 

in Services . Period_Of f sets := 1); 


— Create the timing part. 
Services .Create {Timer 

Subrate 

Period_Base_Time 
Period_Of f set 


Instance .Timer, 
Subrate, 

Period_Base_Time, 
Period_Of fset ) ; 


-- setup/ i ni t code goes here. 


ena Create; 




********* 


******************** 


procedure Update (Instance 

Del ta_Time 
Input jDne 
Inpuc_Two 

begin 


******** 


in out Object; 
in Seu. Seconds; 

in Seu.Feet; 

in Seu.Psi) is 


-- Update the timing data. 

Services . Update (Timer => Instance .Timer , 

Del ta_Time => Delta_Time) ; 


— Update the rest of the data if.it is time, 
if Services. Time_To ^Update (Timer => Instance. Timer) then 

Use cervices . Act ual_Del ta_Ti me (Timer - > Instance .Timer) 
to get the change in time. 
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null; --update code goes here, 
end i t ; 

end Update; 


end <name>_Class; 


7.3 Partition Template 

The following template shows the basic form of a partition. The first package shows the partitions interface 
definition (message) output package. 


with Std_Eng_Uni ts ; 

package <name>_Inter face_Defn is 

package SEU renames Std__Eng_Units ; 
type Message_l is 
record 

Valuel ; SEU. Volts; 

Value2 ; Integer; 

Value3 : SEU. Amps; 
end record; 

type Ml_Pcrs is access Message_l ; 
type Message_2 is 
record 

Value4 : SEU.Psi; 

Value5 : SEU. Feet; 

ValueS : Natural; 
end record; 

type M2_Ptrs is access Message_2; 
end <name>_Interface_Def n; 


— I 

— I 

— I 
--I 
--! 

— 1 
— I 
-- I 


Abstract 


Warnings 


This is a general template form a partition's interface definition 
package. Note that there can be 1 message per package, multiple 
interface definition packages per partition. 

None . 


with <name>_Inter face_Defn; 
package <name>_Parti tion is 
end <name>_Partition; 


— I Abstract t This* is a general template form for a partition package. 


Wa rni ngs 


None . 


with Std_Eng_Uni ts ; 
with Mailbox, 
Message, 
Generic_Model ; 
with <name>_Class ? 


— SVM Mailbox System 

— SVM Message System 

— SVM Thread Exec 

— some class 


package BODY <name>_Part i tion is 
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-- Package Renames 


package SEU renames Std_Eng JJni ts ; 


-- Message Pointers 


Mesg_l_Id : Message .One _To_Many.Ou t_Msgs ; 
Mesg_l : <name>_Interface_Defn.Ml_Fcrs; 
Mesg_2_Id : Message . Mar.y_To_One . Out_Msgs; 
Mesg_2 : <name>_Inter face_Defn . M2_Pt rs ; 


— Internal Partition Class Instances 


My_Instance : <name>_C lass . Object ; 


-- Internal Partition Data 


Del ta_Time 
Elapsed JTi me 
Part it ion_Name 
Mai lbox_Id 
Stabilized 


Set . Seconds ; 

Set. Seconds := 0.0 

String (1 .. 16) := # <name>_Partition* ; 

Ma i 1 bo x . Ma i 1 bo xes ; 

Boolean := False; 


My _Va r 


Integer? 


- - vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv^^ 


procedure 

procedure 

procedure 

procedure 

procedure 

procedure 

procedure 

procedure 


Set_Up; 
Create_Data ; 
Sel f_Ini t ; 
System_Ini t ; 
Run; 

Freeze ; 

Hold; 

Term; 


package Thread_Exec is new Generic_Model . Periodic 

(Name 

Rate 

Execuce_Set_Up_Model 

Exec u t e_C r ea t e_Da t a_Mode 1 

Execute_Sel f_Ini t_Model 

Execute_System_Init_Model 

Execute_Run_Model 

Execute_Freeze_Model 

Execute_Hold_Model 



Execute_Terminate_Model 

procedure 

P roces s _Ma i 1 bo x 

is 

separate; 

procedure 

Upda te_I npu t s 

is 

separate; 

procedure 

Update _Outputs 

is 

separate; 

procedure 

t^edat e_S o me_Ob j ec t 

is 

separate ; 

procedure 

Updace_Somernore_Objects 

is 

separate; 

procedure 

Reaet_Particion 

is 

separate ; 

procedure 

Register_IO 

is 

separate; 

procedure 

Set_Up 

is 

separate; 

procedure 

Create_Data 

is 

separate; 

procedure 

Self_Init 

is 

separate; 

procedure 

System_Init 

is 

separate; 

procedure 

Run 

is 

separate; 

procedure 

Freeze 

is 

separate; 

procedure 

Hold 

is 

separate ; 

procedure 

Term 

is 

separate; 


_> Part i tion_Name, 

=> Generic_Model . P4 Ohz , 

=> Set_Up, 

= > Create_Data , 

=> Self_Init, 

=> System_Init, 

=> Run, 

=> Freeze, --note, RUN may be used. 
= > Hold, 

-> Term) ; 


end <name>_Parti tion; 
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Abstract 


This is a general template form for a partition body. 


-- Warnings : None. 


with Sa £estore_Mai lbox; 
with 3a res t o re_Msg_I ds ; 
with Mail_Msg_Types; 
separate ( <name>_Part i t ion) 
procedure Process_Mai lbox is 
Num_Msgs : Natural := 0; 

3afestore_Value : <sa festore_data_type>; 
function Get_Safestore_Value is new 

Safestore_Mailbox. Value (Data_Type => <safestore_data_type>) ; 

begin 


-- Get 


-- get all of the mail from mailbox 

Num_Msgs := Mai lbox . Num_Mai l_Msgs ( Ma i 1 bo x_Id _ > Mailbox_Id) loop 

for i in 1 . . Num_Msgs loop f. 

I 

Mailbox. Get { Mai lbox_Id -> Mailbox_Id, 

Mai l_Msg_Type => Msg_Type) ; 

-- do case on the type of mail message 
case Msg_Type is 

when Mai l_Msg_Types . Ret_To_Safestore => 

-- after type of message is determined, the message must be split to place the 

— data area into the local pointer. 

Mailbox. Split_Safestore_Msg (Safestore_Msg => <safestore_message>, 

Mailbox_ID => Mailbox_ID) ; 

— get the data 

Sa festore_Value := Get_Safestore_Value (Msg => <safestore_message>) ; 
when others => 
null ; 
end case; 

end loop; 


— Send ** NOT NEEDED IN EVERY PARTITION ** 


Msg_Type <type_o€_mai l_message__to_send> ; 

-- do case pn the type of mail message 
case Msg_Type is 

when Mai l_Meg_Types .Ret_To_Safes tore => 

— build the message 

Mailbox . Bui ld_Safestore_Msg (Safestore_Msg => <safestore_message_variable>, 

Mail box_ID => Mai lbox_ID) ; 

-- now send the mail message 

Mailbox. Put ( Parti tion_Prefix => cidentif ies_receiving_partition>, 
Mailbox_Id => Mailbox_Id) ; 

when others => 
null ; 
end case; 

** u ^ 5 . j - 

end Proce§s.J4ailbox; 
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separate { <name>_?art i t ion) 
procedure Update_Inputs is 
* NumjGt^Msgs : Natural := 0; 
beg i n 


-- no rmal ( one- to-many; 


— get time consistent message 

Message . One_To_Ma r.y. lee (In_Msg_Ia => <message_ident i f ier>} ; 

— get time consistent message along with the time that the message was sent 
Message . QneJTo_Many . Get (In_Msg_Id => <message_ident i f ier>, 

Msg_Time => <simulacion_clock_t ime>) ; 

-- get the latest message that was sent by the producer 

— Note: 

This operation does not provide time consistent message 
retrieval. The time deltas between the messages received 
will vary depending upon the relative execution order of 
the producer and consumer 
Message .One_To_Many .Get_Latest 

(In_Msg__Id => <message_ident i f ier>, 

Msg_Time -> <requester r s_current_period_start_time>} ; 


— special { many-to-one) 

NumjOf^Msgs : - 

Message .Many_To_0ne .Number _Of_Msgs _To_Get (In_Msg_Id => (message_ident i f ier>] ; 
For i in 1 . . Num_Of_Msgs loop 
Message . Many_TQ_One . Get 

(In_Msg_Id <message_identi f ier>) ; 

<process_message>; 
end loop; 

end Update_Inputs ; 


separate (<name>_Partition) 
procedure Update_Outputs is 
begin 

— To send messages for other partitions to use: 

— for one- to -many messages 

Message , One_To_Many . Put (Out_Msg_Id => <message_ident i f ier>) ; 

— for many-to-one 

Message .Many_To_One . Put (Out_Msg_Id => <message_ident i f ier>) ; 
end Update_Outputs ; 


separate (<na!w>_Partituion) 
procedure Updaj^^Son»_Object is 
begi n 

null; — Whatever 
end Update_3ome_0bject ; 


separate {<name>_Partition} 
procedure Update_Somemore_Cbjects is 
begin 

null; — More whatever 
end Update_Somemore_Objects ; 


OSfOSNAL PAGE IS 
Of POOS QUALITY 


1-8 



separate { <name>__Part i tion) 
procedure Initialize_Model is 
begin 

<name>_CIass . Reques t _S t a t e_Cha nge (Instance => 

Command => 

<name>_Class . Request_State_Change (Instance => 

Command => 

< name>_Ciass . Reques t_St a ce_Change ( Instance => 

Command => 


<name>_Instance_l , 
Reset) ; 

<name>_Instance_2 , 
Reset) ; 

<name>_I nstance_N, 
Reset) ; 


end Initial ize_ModeI ; 


separate ( <name>_Part i t ion) 
procedure Register_IO is 
begi n 


— Register Partition Mailbox 


Mailbox. Regi ster_Mai lbox { Part ition_Pref ix => <identi f ier_of_registering_partit ion> 

Mailbox_Id => <ident i f ies_the_mai lbox>) ; 


— Identify the messages to be sent to other partitions 

— (output messages from this partitions perspective) 

-- Each output message will require a REGISTER_TO_SEND_MSG routine 




— normal (one- to-many) 


Message . One_To_Many . Regi st er_To_Send_Msg 


(Out_Msg_Id 
Part ition_Pref ix 
Msg_Dis_Id 
Msg_Bit _Size 
Execution_Rate 
Msg_Pt r_Addr 


. <identifies_the_message>, 

=> cident i f ier_of_registering_partition>, 
=> <DIS_id_of_message_to_be_sent>, 


=> 

=> 

=> 


<message_size_in_BITS>, 
<worst_case_delivery_rate>, 
<local_pointer_to_the_message>) ; 


special ( many-to-one) 


Message . Many_To_One . Regis ter_To_Send_Msg 

(Out_Msg_Id => <ident i f ies_the_message>. 

Part i t ion_Pref ix -> <identifier_of_the_requesting_partition>, 

Msg_Dis_Id => <DIS_id_of _message_to_be_sent>, 

Msg_Pt r_Addr => <local_pointer_to_the_message>) 


Identify the messages to be received from other partitions 

(input messages from this partitions perspective) 

— Each input message will require a REQUEST_TO_RECV_MSG 




-- normal (one- to- many) 


Message . One_To_Many . Regi ster_To_Recv_Msg 


(In_Msg_Id 
Partit ion_Pref ix 
Msg_Di s_Id 
Execut ion_Rate 
Msg_Pt r_Addr 


=> <identif ies_the_message>, 

=> cident i fier_o f_the_requesting_part it ion>, 

=> <DIS__id_of_message_to_be_received>, 

-> <rate at which receiving partition execuces>, 
-> <local_pointer_to_the_message>) ; 


special (many-to-one) 


Message .Many_To_One . Regester__To_Recv_Msg 

(In_Msg_Id => <identif ies_the_message>, 

Partition_Pref ix => cident if ier_of_the_requesting_partition>, 
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> <DI3_ id_jOf _rnessage_“o_be_ser*c>, 

> <message_s i ze_i n__3ITS>, 

> <worst_case_queue_size>, 

> < 1 oc a i _po incer_co_t he_mes s age > ) ; 

end Registered; 


Msg_Dis,Id 
Msg_Bic _Size 
Queue_Si ze 
Msg_Pi*r_Addr 


with DIS, <nair:e>_Defs ; 
separate ; <name>_Part i t ion) 
procedure Set _'Jp is 
beg i n 


-- Create instances of classes. 


<name>_Class . Create (...); 


— Link actual variables names to the logical DIS terms. 


DIS . Connec t_Term (Term r> <name>_Defs . <variable_name>, — Term ID 

Address => <var iable_name> ' address) ; — Variable's Address 

DIS. Connec c_Term (Term => <name>_Defs . <variable_name>, -- Term ID 

Symbol => '<variable_name>') ; — Variable's Name 


-- Initialize the model (s) in this Partition. 


Ini t ial ize_Model ; 


— Register inputs and outputs. 

Registered; 
end Set_Up; 


separate ( <name>_Parti t ion) 
procedure Create_Data is 
begin 

-- normal (one-to-many ) 

— for each one-to-many input message CREATE_MSG is required 

Message . One_To_Many .Create_Msg (In_Msg_Id => <identi f ies__the_message>) ; 

— for each one-to-many output message CREATE_MSG is required 

Message . One_To_Many . Create_Msg (Out_Msg_Id -> <identi f ies_the_message>) ; 

For each to- many output message, init the buffer with 'good* data. 

This is just .in case another partition were to try and 'read* from this 
buffer e nsures no constraint errors because of no initialization. 

Message . One^o^Many . Put (Out_Msg_Id => cident if ies_th®_message>) ; 


— special (many-to-one) 

-- for each many-to-one input message CREATE_MSG is required 

Message . Many _To_One . Cr eat e_Msg (In_Msg_Id => <identifies_the_message>) ; 

— for each many-to-one output message CREATE_MSG is required 

Message . Many _To_One . Create_Msg (Out__Msg_Id => cident i f ies_the_message>) ; 

end Create_Data; 


separate (<name>_Partition) 
procedure Self_Init is 
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s roue in© will be called after sot.6 type or ini — 3 * *, zs. ion ca_a ha s -e e n 

__ 1 * 1 * from an initialization file and placed ir.c6 the appropriate Tailbox. 

-- The parameter, Initializat ion.Type :s used to identify the type of self-ir.it 
ceir.5 requested L .e . , a full IC or a state adjustment. See section 4.2.2 tor 
-- xc re information. 


;f Thread _Exec . A_ruIl_Ic_Is_Required then -- means we are doing a :uii_ic ini 

-- see section 4.4.2 

Ini t 1 a i 1 ze_Mcdei ; 
er.d if; 

__ Each partition will read the mailbox data and populate local variables to 
-- their new values. It will also perform any ocher necessary internal 
-- initialization. 

__ note: This is a one-pass initialization -- no iterating! 

Process_Mai Ibox? 

-- Setup flags used during System.Init 
Stabilized : = False; 

Elapsed_Time := 0.0; 


-- Update to the next mode . 



g This is to be called when the partition has completed self-init processing 

Thread.Exec .Ready_To_Transition; 
end Self.Init; 



separate { <name>_Part i t ion) 
procedure System.Init is 
begin 

This routine will be called after Self_ Init is complete. 

-- Partitions will be able to iterate in this mode until stable conditions 
— have been reached, 

Del ta_Time := Thread_Exec.Delta.Time; 

Process.Mailbox; 

Update .Inputs ; 

Updace.Some.Object; 

Update_Somemore_Objects; 

Updace.Outputs ; 

— Update. |he timer used to stabilize this model 
if not Stl i&Iliied then 

E 1 apse d ^Tiae :* €lapsed_Time * Delta.Time; 
if El^MdJfiM >= 5.0 then 
Stylized := True; 

Thread _£xec . Ready .To .Transition; 
end if; 
end if; 

end System.Init; 


separate ( <name>_Particion) 

procedure RUN is 

begin 

— ANY PROCESSING REQUIRED BY THIS PARTITION WILL BE PLACED IN HERE SOMEWHERE 
Delta.Time := Thread.Exec .Del ta.Time; 
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Process _Ma ilbox; 
Upcace_Inputs; 
Ucdate^Some.Objecc ; 

Led a t e _3 o memo re_Dfc : eccs ; 
Ucdate_Dutpucs; 

er.d RUN; 


sera race ( < ra ne> _?a r t i t i on ; 
procedure FREEZE is 
beg i n 


-- ANY PROCESSING REQUIRED 9Y THIS PARTITION WILL BE PLACED IN HERE SOMEWHERE 
-- Partitions will still iterate, however integration constants wii * be set 
-- to zero. Overruns will be detected in this mode. Messages can passed 
-- and malfunctions entered by ICS, 


Deita_Time ;= Thread_Exec . Del ta . 




Process_Mai lbox; 
Update_Inputs; 
Updace_Some_Ob jec t ; 
Update_5omemorejDbj ects; 
Update_Oucpucs ; 


end FREEZE; 


separate ( <name>_Partition) 

procedure HOLD is 

begin 

~ ANY PROCESSING REQUIRED BY THIS PARTITION WILL BE PLACED IN HERE. 

— GENERALLY, ONLY PARTITIONS NEEDING TO PERFORM: 

1. I/O TO KEEP DEVICES FROM DROPPING OFF-LINE 

2. SPECIAL PROCESSING FOR ASSET ADD/DROP (INTERFACE AGENTS ) 

— MEED TO PROVIDE SPECIAL ROUTINES FOR THIS MODE. 

— NO MESSAGES WILL BE PASSED IN THIS MODE 

— NO MALFUNCTIONS ENTERED FROM IOS . 


nul I ; 


end HOLD ; 


separate (<name>_Parcition) 

procedure TERM is 

begin 

— ANY smmxm PROCESSING REQUIRED BY THIS PARTITION WILL BE PLACED IN HERE 
nul 1 ; 
end TERM; 

7.4 Generic Partition Template 

The following template shows the differences between a normal partition and a generic partition. This struc- 
ture basically makes a class-like structure out of an RMS-scheduled partitic' 


with DIS; 
generic 

Part ition_DIS_Id : in DIS . variable_id ; 

package <name>_Part i Cion; 
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8. APPENDIX II -REAL TIME INTERFACE PACKAGES 
8.1 . Generic Model 


-- ger.rrodl _s * a 

chis catkage provides generic packages instantiated by applications 
for scheduling. 

with 3td_Eng_ r Jnits ; 

with Rts_Types; 

with 3 imuIation_Clock ; 

package Generic _Mo del is 


I 

■ 


periodic rates supported are 40, 30, 25, 20, 10, 5, 2, and 1 Hz 

type Per iodic_Rate is new Rt . Execut ion_Rate range Rt.P40hz . . Rt.Plhz; 

generic 

Name : in String; 

Rate : in Per iodic_Type; 
with procedure Execute_Set_Up_Model ; 
with procedure Execute^. Cr eat e_Data — Model ; 
with procedure Exec ute_Sel f_I nit _Model ; 
with procedure Execute_System_Init_Model ; 
with procedure Execute_Run_Model ; 
with procedure Execute_Freeze_Model ; 
with procedure Execute_Hold__Model ; 
with procedure Execute_TerminateJ4odel ; 

Storage_Bits : in Integer := 10240 * 8; 

Max_Dis_Terms : in Integer := 400; 
package Periodic is 

— subprograms for Thread Exec characteristics 

function Delta_Time return Seu. Seconds; 

function Rate_Of_Execution return Rt . Execut ion_Rate; 

-- subprograms for partition moding 

function A_Full_Ic_Is_Required return Boolean; 

procedure Ready_To .Transition (Continue JExec : in Boolean := False); 

package Clock renames Simulation_Clock; 

use Clock? 

function G_M_T return Clock. Time; 
function S_G_M_T return Clock. Time; 
end Periodic; 


aperiodic budgeted rates are 40, 30, 25, 20, 10, 5, 2, and 1 Hz 

typ# J^eriodicjlate is new Rt . Execut ion_Rate range Rt.A40hz .. Rt . 

generic 

Name : in String; 

Rate : in Aperiodic_Type; 

Iterations : in Integer; 

Vector : in Integer; 

with procedure Execute_Set_Up_Model ; 
with procedure Execute_Create_Data_Model ; 
with procedure Exec ute_Sel f_I nit _Model ; 
with procedure Execute_System_Ini t_Model ; 
with procedure Execute_Run__Model ; 
with procedure Execute_Freeze_Model ; 
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with procedure Execute _Te r m i r.a t e _M: de i ; 
gStc rage _3 its : in Integer 1024 1 * 8; 
package Aperiodic is 

— subprogram for Thread Exec character 1st its 
function Race_Of .Execution return Rt . Execuc ion_Race ; 

— time functions return latest time from Si mC lock 
pa tkage Clock renames Simula t ion — Clock; 

use Clock; 

function U_M_T return Clock. Time; 
function S_G_M_7 return Clock. Time; 
end Aperiodic; 


— asynchronous partitions execute in background 
generic 

Name ■ in String; 

DelayJTime : Seu. Seconds; 
with procedure Execute_Set_Up_Model ; 
with procedure Execute_Create_Data_Model ; 
with procedure Execute_Sel f _Ini t_Model ; 
with procedure Execute_System_Ini t_Model ; 
with procedure Execuce_Run_Model ; 
with procedure Execute_Freeze_Model ; 
with procedure Execute_Hold_Model ; 
with procedure Execute_Terminate_Model ; 

Storage_Bits : in Integer 10240 * 8; 
package Asynchronous is 

— subprograms for Thread Exec characteristics 
function Ratej3f_Execution return R t . Exec u t i o n_Ra t e ; 
procedure Ready_To_Transition (Continue_Exec ; in Boolean := False); 
procedure Change_Delay_Time (Time : in Seu. Seconds) ; 
end Asynchronous; 

end Generic_Model ; 
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8.2. Message 




w;:r. Di s , RcsJTypes, 3td_Sng_ T Jnit7 , Simuiac ion_Clock , 
Message_Internal_?ypes , Syscem; 

cac'oge Message Is 


Exceptions 

-- Tr.e following exception is raise if an error occurs while 
-- seeing up the messaging system. If this exception is raised 

the messaging system may not function properly. 

Message_System_Set up_Error : exception; 

The following exception is raised if there is an unrecoverable 

— error in che messaging system. If this error is raised the 

— message system may not function properly. 

Message_Internal_Error : exception; 

The following exceptions are raised if the message can not be 

— successful! registerd or created. 

Register_Message_Error : exception; 

Create_Message_Error : exception; 

-- Package One_To_Many should be used for all general communication needs. 

— Xt supports one sender sending to one or more receivers. It provides 
time homogeneous and time consistent data based on the relative rates 

-- of the sender and receiver (s) if the Get operation is used to retrieve 

— messages. If the Get_Latest operation is used it provides the latest 

— (most recent) message that was sent by the producer. 


package One_To_Many is 


-- Normal Communication 


type Ouc_Msg is limited private; 
type In_Msg is limited private; 


Exceptions 

-- The following exception is raised by the Get operation if the 

— time consistant message that is to be received by the caller 

— (based upon its execution rate) is nolonger in the message 

buffer. This condition will arise if the caller is executing 

— slower than the lowest supported rate, or if it has has an 

— overrun which causes it to be executing slower than the lowest 

— supported rate. 

Message_Not_Found : exception; 


called by the producer 


This operation must be called by the producer during the 
w- Mgi*ter_I/0 aubmode for each message chat is to be sent, 
pTOCsdure Regis cer_To_Send_Msg 

(Out_Msg_Id : in out Out_Msg; 

Partition_Pref ix : in Dis .Component_Id; 
Msg_Dis_Id : in Dis .Message_Id; 

Msg_Bit_Size : in Natural; 

Execution_Rate : in Rts_Types . Execution_Rate; 
Msg_Ptr_Addr : in System. Address) ; 

-- This operation must be called by the producer during the 

— Create_Data submode for each message that is to be sent, 
procedure Creace_Msg (Out_Msg_Id : in out Out_Msg) ; 

— The Put operation is called by the producer to send a message 
procedure Put (Out_Msg_Id : in out Out_Msg) ; 
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called by the receiver's' 


— This operation must te called by the receiver during the 

-- Register_I/0 submode for each message that is to te received, 
procedure Register JTo_Recv_Msg 

( In_Msg_Id : in out In_Msg; 

?arcUion_Prefix : in Dis . Component _Id; 

Msg_Dis_Id : in Dis.Message_Id; 

Execuc ion_Rate : in Rts__Types.Execucion_.Race; 
Msg_Ptr_Addr ; in System. Address J ; 

This operation must be called by the receiver during the 

— Create.Data submode for each message that is to be received, 
procedure Creace_Msg {In_Msg_Id ; in out In.Msg) ; 

-- The Get operations retrieve time consistent messages relative to 
- ne ra te of the consumer. The message retrieved will be the 

most recent message produced during the consumers previous 

-- period. 

procedure Get (In_Msg_Id : in out In_Msg) ; 

procedure Get {In_Msg_Id : in out In_Msg; 

MsgJTime : out Simulation^ lock .Time) ; 

— The Get^Latest operations retrieve the most recent message 

— produced (relative to the rate of the producer). 

NOTE: 

These operations do not provide time consistent message 
retrieval. The time deltas between the messages received 

will vary depending upon the relative execution order of 

the producer and consumer . 
procedure Get_Latest (In_Msg_Id ; in out In__Msg) ; 

procedure Get_Latest (In_Msg_Id : in out In_Msg; 

MsgJTime : out Simulacion_Clock.Time) ; 


— — private 


private 

package Mit renames Message ^Internal JTypes; 

pragma Inline (Put) ; 
pragma Inline {Get) ; 
pragma Inline (Get ..Latest) ; 

^JlaCfOrd for SGI 
qjpT Wag is 
record 

Buf fer__Ptr ; Mit .Msg_Buf fer_Ptr ; 
Desc_Ptr : Mit .Otm_Msg_Desc_Ptr ; 
Tag_Ptr : Mi t .Otm__MsgJTag_Ptr ; 

Parti tion_Ptr^Addr : System. Address ; 
RoutingJTable_Index : Integer := 0; 
Period : Rts JTypes . Execution_Race : = 
Rts JTypes . Execution_Rate' First; 
end record; 

type I n_Msg is new Msg? 
type Out_Msg is new Msg; 


end OneJToJtany; 
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-- Pacoge Mar.y_To_Cne should be used only for special case communication. 

-- All messages sene co Che receiver are queued in FIFO order. The message 
-- received is jioc based on che races or che sender and receiver, inscead 
__ - v- e receiver receives all message sene. This communication me c hod 
-- snould be used when a single receiver receives che same message from 
-- mere chan one producer or when a single receiver needs co receive a i a 
-- messages sene in FIFO order. When che receiver regiscers co reeceive 

3 message a queue size must be specified. The queue size should be 

— determined based upon cwo factors. First, the number of possible senders 
-- and second, me relative execution races of che senders and che receiver. 
--If the receiver is executing faster than or at the same rate as the 

senders, che queue size must be at least as large as two times the number 

0 f senders. If the receiver is executing slower than the senders the 

following formula can be used to calculate the queue size: 

[(senders race / receivers rate) x 2] x Isenders. 

-- For example, if the receiver is executing at 1GHz with three senders 

-- executing at 40 Hz the queue size should be [(40/10) x 2] x 3 = 24. 

package Many_JTo_One is — Special Case Communication 

package Mit renames Message_Internal_Types ,* 

type Out_Msg is limited private; 
type I n_Msg is limited private; 

— 512 has been chosen as the max queue size, no particular reason, just 

— a guess for now. 

subtype Queue_Sizes is Mi t . Internal_Queue_Sizes range 0 .. 512; 

Exceptions 

— The following exception is raised by Put when the queue is full 
Queue_Full : exception; 


-- The following exception is raised by Get when there are no messages 
No _Mes sages : exception; 

called by producers of message 

— This operation must be called by the producers during the 

— Register_I/0 submode for each message that is to be sent. 

procedure Regis ter_To_Send_Msg {Out_Msg__Id : in out Out_Msg, ^ 

Partitlon_?ref ix : in Dis . Component _I 
Msg_Dis_Id : in Dis .Message_Id; 
Msg_Ptr_Addr : in System. Address ) ; 

— This operation must be called by the producers during the 

Cr«ate_Data submode for each message that is to be sent. 

procedure Create_Msg ( Out _Msg_Id : in out Out_ Msg) ; 

— This operation will return true if the queue for Out_Msg_Id 

— ia full 

function Queue_Is_Full (Out_Msg_Id : in Out_Msg) return Boolean; 

— The Put operation is called by the producers to send a message 
procedure Put (Out_Msg_Id : in out Out_Msg) ; 

called by receiver of message 

-- This operation must be called by the receiver during the 

— Register_I/0 submode for each message that is to be received. 

— See the description at the begining of the Many_To_One package 

— to determine the queue size. 

procedure Regis ter JTo_Recv_Msg (In_Msg_Id : in out In_Msg; 


0»5snm. page !S 

OF POOR QUALITY 


11-5 



Part i t ion_?re f ix ■ in Z i s . Zompo re 
Msg_Ois_Id 5 in Zis . Messaged ; 
Msg_3i z_Size ( : in Natural; 
Queue_3ize : in Queue_Sizes; 
Msg_Ftr_Addr : in System . Address) 

sc be called by che receiver during che 
ie for each message chat is to be received. 

( I n_Msg_Ia : in out In_Msg) ; 

-- This operation may be called by che receiver to determine the 
-- number of partitions registered to send a particular message, 
function Number .Offenders (In_Msg_Id : In_Msg) return Natural; 

-- This operation may be called by the receiver to determine the 
-- che number of messages available to get. 

function Number_Of _Msgs_To_Get (In_Msg_Id : In_Msg) return Natural; 

~ The Get operations will retrieve the next message in the FIFO queue, 
procedure Get (In_Msg_Id : in out In_Msg) ; 

procedure Get (In_Msg_Id : in out In_Msg; 

MsgJTime : out 5imulation_Clock .Time) ; 


-- This operation ~u 
-- Z reace_Gaca su 
procedure Zrear e_’ 


-- — private 


private 

pragma Inline (Get); 
pragma Inline (Put) ; 

pragma Inline (Number_Of_ Msgs_To_Get ) ? 

— Record for SGI 
type Msg is 
record 

Buffer_Ptr ; Mit . Msg_Buf fer_Ptr; 

Desc_Ptr : Mi t . Mto_Msg_Desc_Ptr; 

Tag_Ptr : Mi t .Mto_Msg_Tag_Ptr ; 

Parti tion_Ptr_Addr : System. Address ; 

Rout ing_Table_Index : Integer := 0; 

Queue_Size : Mit ♦ Inter nal_Queue_Sizes := 0; 
end record; 

type Xn_J4«g is new Msg; 
type Out_Msg is new Msg; 

end Many.To_.Oue; 

— Package Remote is not to be used for general purpose communication 

or f or partition to partition communication. It is intended to be used 

used by RTS, .terface Agents, and in other special cases (IOS, OSS) 

-- for communication across the lan. 

— All messages sent to the receiver are queued in FIFO order. Each 

— receiver effectivly has its own queue. 

— When the receiver registers to receive 

a message a queue size must be specified. The queue size should be 

— determined based upon two factors. First, the number of possible senders 

and second, che relative execution races of the senders and che receiver. 

If che receiver is executing faster chan or at che same rate as the 
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servers, the queue size must be at lease as large as :wo ei^es zr.e r.urcer 
of senders. If cr.e receiver Is executing slower than Che senders the 
roll owing formula can be used t«p calculate the que ue size: 

: : senders rate / receivers rate; x 2] x rfsenders. 

-- per example , if the receiver is executing at ICHz with three senders 
executing at 42 Hz the queue size should be [ 14 3/10) x 2] x 3 = ^4. 


caexage Remote is -- Special Case Communication 

carnage Mit renames Message_Incernal_Types ; 


rype Out _Msg is limited private; 
type In_Msg is limited private; 

-- 512 has been chosen as the max queue size, no particular reason, just 
— a guess for now. 

subtype Queue_Sizes is Mi t . Interna l_Queue^Sizes range 0 .. 512; 

Exceptions 

The following exception is raised by Put when the queue is full 

Queue_Full : exception; 

The following exception is raised by Get when there are no messages 

No_Mes sages : exception; 

called by producers of message 

-- This operation must be called by the producers during the 

Register_I/0 submode for each message that is to be sent. 

procedure Register_To__Send_Msg 

(Out_Msg_Id ; in out Out_Msg; 

Partition_Pref ix : in Dis .Component _Id; 

Msg_Dis_Id : in Dis .Message_Id; 

Msg_Bit_Size ; in Natural; 

Queue_Size : in Queue_Sizes; 

Execut ion_Rate : in RtsJTypes . Execution_Rate; 
Msg_Ptr_Addr ; in System. Address) ; 

These operations are called to unregister messages. They 

provide the capability for multiple senders and receivers 

__ register to send or receive a message without knowing 
-- who the true sender or recieve will be. Once = the true sender 

— or receiver is determined, the others unregister there messages. 

NOTE: These operations must be called before the Join_Session 

— operation is called*!! They are not to be used after inter-asset 

— coranuncacion has been established. 

miregister an out message. {Un-Register_To_Send_Msg} 
procedure Unregister — Msg (Msg_Id : in out Out_Msg) ; 

Unregister an in message. (Un-Register_To_Recv_Msg) 

procedure Unregister_Msg (Msg_Id : in out In_Msg) , 

These two operations provide the capability for a sender 

-- or receiver to re-register to send or receive a message 

after un-registering it with one of the above Unregister 

— operations. 

NOTE: These operations will not allow the sender or 

-- reciever to send or receive messages across the LAN. 

-- It will only let them start sending or receiving the 
-- message locally. It is intended to be used by an asset 
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-- afcer it has ceen dropped and is star.da line arc Therefore 
-- dees not wish to send or receive message across or.e .ar. 

_ _ cue dees need to send or receive them new tr.at -t - s 
- - s t a nda lone. 


-- Reregister an out message. ' Re-Register JTo_3er.d_Msg; 
procedure Reregister _Ms g ;Msg_i.d : in ouv. Out _Ms g ; 

-- Reregister an in message. (Re-Regi ster_To_Rec v_Msg; 
procedure Reregister _Ms g (Msg_Id : in out j. n_Msg ) ; 

This operation must be called by the producers during the 

Create_Data submode for each message that is to be sent. 

procedure Create_Msg (Out_Msg_Id : in out Gut_Msg) ; 

This operation will return true if the queue for Out_Msg_Id 

— is full 

function Queue_Is_Ful 1 (Out_Msg_Id ; in Outjteg} return Boolean; 

The Put operation is called by the producers to send a message 

procedure Put {Out_Msg_Id : in out Qut_Msg) ; 

called by receiver of message 

— This operation must be called by the receiver during the 

Regis ter_!/0 submode for each message that is to be received. ~ 

see the description at the begining of the Many_To_One package 

— to determine the queue size. 

procedure Regis ter_To_Recv_Msg (In_Msg_Id ; in out In_Msg; 

Partition_Pref ix : in Dis .Componenc_Id; 
Msg_Dis_Id : in Dis .Message_Id; 
Msg_Bit_Size : in Natural; 

Queue_Size : in Queue_Sizes; 
Msg_Ptr_Addr : in System. Address } ; 

— This operation must be called by the receiver during the 

— Great e_Daca submode for each mes? that is to be received, 

procedure Creace_Msg ( I n_Msg_Id : *z In_Msg) ; 

— This operation may be called by the receiver to determine the 

— the number of messages available to get. 

function Number_Of _Msgs_To_Get (In_Msg_Id ; In_Msg) return Natural; 

The Get operations will retrieve the next message in the FIFO queue. 

procedure Get (In__Msg_Id ; in out In_Msg) ; 

procedure Get ( I n_Msg_Id : in out In_Msg; 

Megjfime : out Simulat ion_Clock . Time} ; 


— — private 


private 


pragma Inline (Get) ; 
pragma Inline (Put); 

pragma Inline (Number__Of _Msgs_To_Get ) ; 

— Record for SGI 
type Msg is 
record 

Buf fer_Ptr : Mit .Msg_Buf fer_Ptr ; 
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Desc J:r : Mi - . Remo te_Msg_Cesc_?t r ; 

Tag Per : Mit . Remece_Msg_?ag_?t r ; 

?a re i e ion_? e r _Addr : System . Address ; 

Roue i ng_Tafcle_Index : Integer : = 0; 

Queue _S ire : Mi t . I r.cernal_Queue_Si zes : = 
My_Ready_Remove_Index : Posieive := 1; 

end record; 

eyre In_Msg is new Msg; 
type Cut.Msg is new Msg; 


end Remote; 


— This package contains controlling operations only to be used by rts. 

— The router needs special interfaces because it cannot create a Msg_Id 

— for each message that it puts and gets from the software backplane. 

— It is just a pass thru from the RTSN to the software backplane and 

— visa versa, 
package Control is 

The status values for Join_Session and Drop_From__Session 

type Conf ig_Status is {Success, Pending, Error); 

Exceptions 

The following exception is raised by Put when the queue is full 

Queue_Full : exception; — raised by Put when the queue is full 

— The following exception is raised by Get when there are no messages 
No_Messages : exception; — raised by Get when there are no messages 

— This procedure is to be used by the router to create a 

— reflected message. 

procedure Create_Msg (Msg_Dis_Id : in Dis ,Message_Id) ; 

— This operation will return true if the queue for Msg_Dis_Id 

— is full 

function Queue _Is_Ful 1 (Msg_0is_Id : in Dis .Message_Id) return Boolean 

— This procedure is called by the Router to put a remote message 

— into the swbp after receiveing if from the lan. 
procedure Put (Msg_Dis_Id : in Dis . Message_Id; 

Msg_Addr ; in System. Address) ; 

— This procedure is to be used by the router to determine 
che number of remote messages in a message queue to be 

— sent out over the lan. 
function Number _Of_Msgs_To_Get 

(Msg_Dis_Id : Dis .Message _Id) return Natural; 

^ This procedure is called by the Router to get a remote message 
__ f rom che swbp to send it out over the lan. 
procedure Get (Msg_Dis_Id ; in Dis .Message_Id; 

Msg_Addr ; i,n System. Address) ; 

This command instructs the software backplane to set up 

— communication with a session. It should be called after 

-- the Setup and Create Data submodes to establish inter-asset 

— communication. 

procedure Join_Session (Session : in Std_Eng_Units . Sessions) ; 

-- This command instructs the software backplane to drop 
-- communication with the session, 
procedure Drop_From_Session; 
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This operation will return the status of the las: Join.Sessi : n 

— or Drop_?rom_Session command. 

function Status return Cor.: ig_atat us r , 

-- This operation will determine 1: the message tan be a reflected 

— niessage. It will :heck the size of the message agianst the 

_ ^ : v e amount of reflected memory left. It will also check the 

— type of the message. Currently only Cne-TC-Many messages tan 

— be re: let terd . 

function This_Message_Can - 3e_Re fleeted 

(Msg_Dis_Id : in Dis . Message_Id) return Boolean; 

-- This operation is called by the Router to prepare a remote message 
-- to be sent remote. It should be called for a specific remote 

— message when the first asset that receives the remote message 

— joins the session. 

procedure Setup_To_Send_Msg_Remote (Msg_Dis_Id : in Dis . Message_Id) ; 

— This operation is called by the Router when a remote message 
-- that is being sent remote no longer needs to be send remote. 

— It should be called for a specific remote message when the 

-- last asset that requires the message drops from the session, 
procedure Stop_Sending_Msg_Remoce (Msg_Dis_ld : in Dis - Message_Id] ; 

This command shutsdown the software backplane 

procedure Shutdown; 


private 


pragma 

pragma 

pragma 

pragma 

pragma 


Inline (Get); 

Inline (Put); 

Inline (Number_Gf__Msgs_To_Get ) ; 

Inline (Status) ; 

Inline ( Thi s _Me s sage _Can_Be_Re flee ted) ; 


end Control ; 

— This package contains the communication interface for black boxes on 
__ che rtSN. It will provide operations to register, create, send, and 

possibly receive messages. These operations are different than those 

~ in One-To-Many and Many-To-One because there may be special formats 

required in order to communicate with a black box. 

package Biack_Box is 

package Hit renames Message_Internal_Types ; 

type Conmnd^S tat uses is (Success, Pending, Bad_td, Busy, Error}; 
type C o— ttnd^Ids is private; 

inter#ace_S t a tes is (Enabled, Disabled); 

— 512 has been chosen as the max queue size, no particular reason, just 

— a guess for now. 

subtype Queue_Sizes is Mi t . Internal_Queue .Sizes range 0 .. 512; 

type Co mm .Types is (Stream, Dgram) ; 
type Networks is (Rtsn, Gp) ; 

type Out. Msg is limited private; 
type In.Msg is limited private; 

called by the producer 

This operation must be called by the producer during the 

— Register_I/0 submode for each message that is to be sent. 
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__ t- will register the message with the software cackp.ane 

and establish Che communi cat ion link with the black box. 

p r oc edur e Reg iscer_To_Send # _Msg 

(Cut_Msg_Id : in ouc Gut_Msg; 

Parti tion_Pref ix : in Ois .Component _Id; 

Msg_Ois_Id ; in Dis . Message_Ia ; 

Msg_3it_3ize : in Natural; 

Execution_Rate : in RtsJTypes . Execut ion_Rate ; 

Msg_Ptr_Addr : in System. Address; 

Receiving_Node : in Scd_Eng_Units .Nodes ; 

Comm_Type : in Comm_Types; 

Network : in Networks := Rtsn) ; 

This operation must be called by the producer during the 

— Creace_Data submode for each message that is to be sent. 

It will allocate the buffers in the software backplane for 

— the message. 

procedure Createjteg (Out_Msg_Id : in out Out_Msg) ; 

The Put operation is called by the producer to send a message 

procedure Put (Out_Msg_Id : in out Out_Msg) ; 

called by receiver of message 

— This operation must be called by the receiver during the 

— Register_I/0 submode for each message that is to be received. 

procedure Register_To_Recv_Msg (In_Msg__Id : in out In_Msg; * 

Partition_Prefix : in Dis .Component _Ig; 
Msg_Dis_Id : in Dis .Message_Id; 
Msg_Bit_Size : in Natural; 

Queue_Size : in Queue_Sizes; 

Msg_ Ptr_Addr : in System. Address ; 
Sending_Node : in Std_Eng_Units . Nodes ; 
ComitL_Typ« : in Comm^Types; 

Network : in Networks :* Rtsn); 


— This operation must be called by the receiver during the 

— Create_Daca submode for each message that is to be received, 
procedure Create_Msg (In_Msg_Id : in out In_ Msg) ; 

-- This operation may be called by the receiver to determine the 

— the number of messages available to get. 

function Number_Of_Msgs_To_Gec (In_Msg_Id : In_Msg) return Natural; 

— The Get operations will retrieve the next message in the FIFO queue, 
procedure Get (In_Msg_Id : in out In_Msg) ; 

t- called by eithor 

TlSQVA commands can be called to command the software backplane to 
— -i! perform certian operations associated with communication with a 
black box. The commands return command id which uniqely identify 
che consnand . Status of the command can be obtained by calling 

— the satatus function and passing it the id of the command on 

— which status is desired. The status will be one of the following; 

Success - the command has completed successfully 
Pending - the command is in progress 
Bad_Id - no command associated with this id 
Busy - a command is already in progress to this node 
Error - the command has not completed successuflly 

— Only one command can be outstanding to a node at a time. If 

— multiple commands are issued all but the first will be ignored 

— and status calls will return with busy. These commands must 

— be re-issued after the previous commands complete. 
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^hus "jT^rar.G will open a no conf i gure tr.<= r tommur.. % C3C ,v" -»nk w — r. 

— cr,e blac.< cox, It should noc be -ailed until the back box is ready 
-- co corji.uni :ace. 

function ;pen_Comm .Node : in 3cd_Sn<j_-T.its -Nodes; return :ommand_:ds ; 

-- This command will close the communication lir.it with the 
-- black box. 

function Close_ Comm [Node : in Scd_Eng_”ni ts . Nodes , return Cominan.d_.as ; 

This operation will return the status of the command associated 

-- with the command id. 

function Command Status {Command_^d : m Comrnand_ids/ 

return Command_3tacuses ; 

These commands return the state of the black box node interface 

function Inter face_State 

(Node : in Std_Eng_ T Jni cs . Nodes) return Interface_States ; 

function Inter face_Is_Disabled 

{Node : in Std_Eng_Uni ts .Nodes) return Boolean; 


function Interf ace_Is_Enabled 

(Node : in Std_EngJJni ts . Nodes) return Boolean; 


private 


pragma Inline 
pragma Inline 
pragma Inline 
pragma Inline 
pragma Inline 
pragma Inline 
pragma Inline 
pragma Inline 
pragma Inline 


(Get) ; 

(Put) ; 

( Number _Of_Msgs_To_Get ] ; 
(Open_Comm) ; 

{ Close jComm) ; 
(Command_Status) ; 
(Interface_State) ; 

( Interface_Is_Disabled) ; 
( Incerface_Is_Enabled) ; 


type Command_Ids is new Natural; 


type Msg is 
record 

Buf fer_Ptr : Mi t .Msg_Buf fer_Ptr; 
Desc_Ptr : Mit . Mto_Msg_Desc_Ptr ; 
Tag_Ptr ; Mi t .Mto_Msg_Tag_Ptr ; 
Partition_Ptr_Addr : System, Address ; 
Routing_Table_Index ; Integer := 0; 
Period : RtsjTypes . Execut ion_Rate := 
Rts_Types . Execut ion_Rate ' First; 
record; 

I zkjtoq is new Msg; 
type Outjfag is new Msg; 


end BLack_Box; 


end Message; 

--I Abstract: This package provides the types and operations necessary to 
I interface with the messaging system, 

--I Warnings: This package depends on the use of shared memory and shared 
__l semaphores. The semaphores are only used during initialization, 

— I noc during runtime. 

— I 
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This pac< age depends upon cernpao :ci 1 icy eeeweer. Jyscer, . Ad cress 
and che value of an access eyre . Ic uses 'J no <e c :<ed _ Tc r ve r s i o n 
co corvero from x'Adaress co an access eyre. 
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8.3. Mailbox 


with Messa^e^Incema 1 _?ypes , Dis, System, Er.ze r _Ma i I be x , 

3a rest o re_Mai I box, Mai :unccion_Mai Ibex, Me ga_Mai!fccx, 3td_Eng_?ypes ; 

package Mailbox is 

package Mit renames Message_Internal_Types ; 
package Sec renames 3cd_Eng_?ypes ; 


Cons 


ants 


-- The size of a mail message 

-- 2k storage units long - just a guess for now 
Max_Mai 1 box_Msg_3i ze : constant Natural := 2048; 


Except ions 


— Not used 

Not_A_Prefix : exception; 

— Raised by Regiscer_Maiibox if an exception occurs. Or if the 
-- Component _Id supplied for the parameter ' My_Part icion_Pref ix' 

-- is not a partition prefix. That is, the Component_Id was not 
-- registered (Dis . Regis ter_Component) with Prefix sec to True. 

-- When ever possible a message will be logged giving details as 
-- to why this exception was raised. 

Regiscer_Mailbox_Error : exception; 

-- Raised by GetJJserJOef i ned_Msg_Type , Get_User JDef ined_Msg, and 
-- Get_Next_Msg_Type if they are called on an empty mailbox 
Mai lbox_Empty : exception; 

-- Raised by Put_User_Def ined_Msg if the desination mailbox is not 
-- found .not registered) . 

Mailbox_Not_Found ; exception; 

-- Raised by ?ut_"ser_Def ined_Msg if a user defined mail message 

— is too large. 

Mai Ibox_Message_Too_Large : exception; 

— Raised by Put_User_Def ined_Msg if the mailbox does not have enough 

— memory to send the message. 

Mai 1 box_3ys tem_Out _0f _Memory : exception; 

— Raised if the mailbox system cannot startup correctly. If this is 

— raised the mailbox system may not function correctly. 

Mailboxj||«artVp_Brror : exception; 

-?Sl- • 

— Ra i sedlg^tbe mailbox system cannot shutdown correctly. 
Mailbox_ffbuedd*«X_.Error : exception; 

— Raised by Register_Mailbox if there is an uncrcoverable internal 
-- error in the mailbox system. If this error is raised, the mailbox 

— system should be considerd erronous. 

Mai lbox_Incernal_Error : exception; 

Types 

type Msg_Types is {Router, Return_To_Safestore, ReturnJTo_Datastore, 

Malfunction, Enter, Mega, User_Def ined) ; 
for Msg_Types use (Router => -7 , 

Return_To_Safestore => -6, 
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Recum_To_Dacascore => -5, 

Malfunction => -4, 

Enter, => -3, 

Mega => -2, 

User _-efined => -1); 

for Msg .Types ' Si 2 e use 32; 

type Internal _Msg _Type Is limited private; 
type Mailboxes is limited private; 

called by owner of mailbox 

-- This operation registers a mailbox it must be called in order to 
-- send or receive mail messages. It should be called during the 
-- Register I/O submode. 

procedure Register_Mailbox (My_Partition_Pref ix : in Dis .Component_Id; 

My_Mai lbox.Id : in out Mailboxes); 

Returns true if mail messages are present, false if not. 

function Mai l.Is.Present (My .Mai lbox.Id : in Mailboxes) return Boolean; 

Returns the number of mail messages currently in the mailbox. 

function Num.Mai l.Msgs (My.Mai lbox.Id ; in Mailboxes) return Natural; 

__ Gets the type of the next mail message in the mailbox. This is 

the first step in retrieving a mail message. After the type has 

— been determined the appropriate Get operation can be called, or 
-- if the type is User.Defined then the Get.User.Def i ned .Msg.Type 
-- operation can be called. 

function Get .Next .Msg.Type (My_Mai lbox_Id : in Mailboxes) return Msg.Types; 

Operations to get the next message from the mailbox 

procedure Get.Safestore.Msg ( Safes to re.Msg : out 

Safes to re.Mail box . Safes to re.Msg; 
My.Mailbox.Id : in out Mailboxes] ; 

procedure Get.Mal func tion.Msg ( Mai func tion.Msg ; out 

Mai func tion.Mail box .Mai func tion.Msg ; 
My.Mailbox.Id : in out Mailboxes) ; 

procedure Get.Enter.Msg (Enter.Msg : out Ent er .Mail box. Enter.Msg; 

My.Mailbox.Id : in out Mailboxes) ; 

procedure Get.Mega.Msg (Mega.Msg : out Mega .Mail box. Mega.Msg; 

My.Mailbox.Id : in out Mailboxes); 

— This operation is to be used by the Router to get messages from its 
mailbox ■ Address. For. Msg is the address for the locatin at which 

— the Missage should be placed. This location must be capable of 

— hol(t a *11 message of Max.Mailbox_Msg.Size (declared in this 
-- package) • Dea t .Part ition.P ref ix is the original destination of 

— the mail message. Msg.Type is the type of the mail message. 

__ My.Mailbox.Id is the routers mailbox id. 

procedure Get.Router.Msg ( Address.For.Msg : in System. Address ; 

Dest.Partit ion.Pref ix : out Dis . Component. Id; 
Msg.Type ; out Internal .Msg.Type ; 

My.Mailbox.Id : in out Mailboxes) ; 


— USER DEFINED MESSAGE SUPPORT -- 

— The Gec_User_Def ined_Msg_Type and Get_User_Def ined_Msg operations 

provide support for receiveing user defined mail messages. When 

possible the above predefined mail messages types should be used 

— because they ensure that the sender and receiver are using the 
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-- same message cype, There are also s.cporc packages provided c: 

-- aid in using mail message of che predefined cypes . If chis generic 
-** routines are used ic is up co one .ser :o ensure char che sender and 
-- receiver ag-^-e on che sc rue cure of cr.e nail message. 

— I: che Ge ~ _\e v c _Ma i 1 _Ms g_Tv"~ * funccim recurns User _De fined as che 
-- -cype of Che nexc message : the mailbox and if it is possible for 
-- che mailbox to receive more chan one type of user defined message 
-- Cher, che Get _User_Defined_Msg_Type operation must be called to 

-- determine which user defined message is in che mailbox. After 
-- this has been determined, then the appropriate instantiation of 
ue:_jser — Defined_Msg can be called to retrieve the message from 

— the mailbox. 

Gets the type of the user defined mail message, 
generic 

type Use r_De f i ned_Msg_Types is (<>) ; 
function Oet_User_Def ined_Msg_Type 

(My_Mai lbox_Id : in Mailboxes) return User_Def 1 ned_Msg_Types ; 

-- 'Gets the user defined mail message, 
generic 

type User_Def ined_Mail_Msg is private; 
procedure Get _Use r_De f i ned_Msg 

(User_Def ined_Msg ; out User_Def ined_Mail_Msg? 

My_Mailbox_Id : in out Mailboxes) ; 

called by sender of mail message 

-- Sends a mail message to the specified partition, 
procedure Put_Safestore_Msg ( Safes tore_Msg : in 

Sa f es to re_Ma i Ibox . Sa f es t o re_Msg ; 
Dest_Parcition_Prefix : in Dis .Component_Id) ; 

procedure Puc_Mal f unct ion_Msg ( Mai f unction_Msg : in 

Malfunction_Mailbox . Mai func tion_Msg; 
Dest_Partition_Prefix ; in Dis .Component_Id) 

procedure Put_Enter_Msg (Enter_Msg : in Enter_Mailbox. Enter_Msg; 

Desc_Partition_Prefix : in Dis . Component _rd) ; 

procedure Put_Mega_Msg (Mega_Msg : in Mega _Mai Ibox. Mega _Msg; 

Dest_Partition_Prefix : in Dis .Componenc_Id) ; 

procedure :--c_Ds_Msg (Ds_Msg j in Mega _Mai Ibox. Mega_Msg; 

Dest_Parti tion_Pref ix ; in Dis . Component _Id) ; 

~~ This operation is to be used by the Router to send mailbox 
-- message to periPion's mailboxes. Address_of_Msg is the address 

— of the ifliX EBesage. Max_Mailbox_Msg_Size storage units will be 

— taken from this address and send to the destination mailbox for 

— Dest_Partition_Prefix. Mail_Msg_Type is the type of the mail 

— message chat is being sent. 

procedure Put_Router_Msg ( Address_Qf_Msg ; in System. Address; 

Msg_Type : in Incernal_Msg_Type; 

Dest_Part it ion_Pref ix : in Dis .Component_Id) ; 


— USER DE .ED MESSAGE SUPPORT -- 

— The Pu t _ is e r _De f i ned_Msg operation is used to send a user defined 

— mail message. When possible the above predefined mail messages types 

— should be used because they ensure that the sender and receiver are 

— using the same message cype. There are also support packages provided 

— to aid in using mail message of the predefined types. If this generic 


11-16 


i r.e is ised, it Ls up to the user to ensure that the ser.cer an 
__ receiver agree on the structure ot the iraii message. 

type Use r JOe f i ned_Ma 1 1 _Msg is private; 
type User _Dez i ned_Msg_Types is '<>]; 
c^tcedure Puc_User_Det ined_Msg 

(Maii_Hsg_Type ; in User_De: ined_Msg_?ypes ; 
User_Def ined_Msg : in User_Defined_Mail_Msg; 

Dest_?art it ion_Pref ix : in Ois . Component _ Id/ ; 

Shutsdown the mailbox messaging system. Not to be called by parti 

procedure Shutdown; 


-- — private 


private 

pragma Inline ( Mail_Is_Present) ; 
pragma Inline {Num_Mai i^Msgs) ; 

pragma Inline (Get_Safestore_Msg) ; 
pragma Inline { Get_Mal f unct ion_Msg) ; 
pragma Inline ( Get_Enter_Msg) ; 
pragma Inline ( Gec_Mega_Msg) ; 
pragma Inline (Gec_Router_Msg) ; 


W 


pragma Inline ( Puc_Saf estore_Msg) ; 
pragma Inline ( Put_Mal f unct ion_Msg) ; 
pragma Inline ( Put_Enter_Msg} ; 
pragma Inline ( Put_Mega_Msg) ; 
pragma Inline ( Put_Router_Msg) ; 

— Storage_Units per word (32 bits) 

Word : constant := 32 / System. Storage JJnit ; 

type Internal _Msg_Type is new Set . Integer _3 2 ; 

type Message is new Mi t . Storage JJnits (1 .. Max_Mailbox_Msg_Size) 

-- Message' Size = 2048 * 8 = 16384 

for Message' Size use Max_Mailbox_Msg_Size * System.Storage JJnit; 

type Headers is 
record 

Dest_Partition_Pref ix : Dis .Component _Id; 

)tog_Type : Internal_Msg_Type ; 

M»g_Size : Natural := 0; 
record;" 


for Headers u mm 

record at mod 4; 

Dest_Partition__Prefix at 0 * 
Msg_Type at 2 * Word range 0 
Msg_Si ze at 3 * Word range 0 
end record; 

for Headers' Size use 64 * 32 + 32 ; 


Word range 0 . 
. . 31; 

. . 31; 


. 63; 


— IVER 


type Mail bo x_Mes sage is 
record 

Header : Headers; 
Msg ; Message; 
end record; 


t i o ns . 
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# VER 

cype Mailbcx_Message_rtr is access Mai lbox„Message ; 

-- Record for SGI 
type Mailboxes is 
record 

Buf fer_Ptr : Mir . Mailbox_Buf fer_Ptr; 

Desc_?tr : Mic .Mailbox_Desc_Pt r ; 

Tag_Ptr : Mic . Mai Lbox_Tag_Pt r ; 

Rout ing_Table_Index : Natural := 0; 
end record; 


-- Frequently us sices 

— size allocated for mailbox messages 

Ma i 1 bo x_Mes sage_S i ze : constant Natural :s 
Message' Size / System. StorageJJnit ; 

— Size of a mailbox message plus its associated header 
Message_Pl us_Header _S i ze : constant Natural : = 

Mailbox_Message_Size ♦ Headers 'Size / System. StorageJJnit ; 

— Size of the message header 

Msg_Header_Si ze : constant Natural : = Headers 'Size / System. Storage _Unit ; 

-- Size of the message type in the header record (it's an integer) 
Msg_Type_Size : constant Natural Integer' Size / System. StorageJJnit ; 

end Mailbox; 


I Abstract: This package provides the types and operations necessary to 

I interface with the mailbox communication system. Each mail 

1 message must be of a specific type (ie. Safestore, Malfunction, 

Enter, etc) . The sender and receiver use this type to identify 
__j the kind of message so that they know how to deal with it (how 

„l co build it and how to split it). This package provides support 

__ I for some predefined mail message types such as: Safestore, 

j Malfunction, and Enter. These are common messages that will be 

I frequently and by many partitions. Senders and receivers that 

um thee# mail message types are guareented to be using the same 
_l d m&M types for the messages. This package also provides support 

__l for 'user defined* messages that are not widely used or shared 

__j between many partitions. There are three generic subroutines which 

I provide support user defined messages: BuildJJser J3efined_Msg, 

I Ge cJJser_De fined _Msg, and Split JJserJJef inedjteg. They are 

I instantiated with the user defined message types. It is up to 

I the users to ensure that the sender and ’ ^iver agree on the 

__j structure and data type of user defined messages. 

I Warnings: This package depends on the use of shared memory and shared 

j semaphores. The semaphores are only used during initialization, 

— j not during runtime. 

I There are two restrictions placed on the type used for (JserJJef- 


fcr Mai Lbcx_Message use 
record at mod 4; 

Header at 0 * Word range 0 .. 127; 
Msg at 4 * Word range 0 .. 16333; 
end record; 

for Mai lbcx_Message ' Si ze use 128 «- 16384; 
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ined_Msg_Types . First, :r.e type tus: nave a size --- 32 s>ts. 
To insure this a length clause should be used 
(ex. for Type 'Size use 32?! . Seconc, - re values of -he - ype 
must be positive. This means that ir ar. enumeration -ype - s 
used its licterals must not be giver, negative values with a 
representation clause. 

This package depends upon compatibility between System. Address 
and the value of an access type. It uses Unchecked _Convers ion 
to convert from x' Address to an access »_ype. 


ORIGINAL PAG€ IS 
OF POOR QUALITY 
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8.3.1 Enter.Mailbox 

with D is , 3cd_Eng_?ypes ; 
pa c < a ge Ent e r _Ma i L bo x is 

package Sec renames Std.Eng.Types ; 

-- Data cype for ZOS Sneer Tailbox messages 

cype Enter.Msg is private; — Initialize and IOS Enter data 
generic 

cype Daca.Type is private; 
procedure Create (Msg : in out Enter.Msg; 

Id : Dis.Term.Id; 

Value : Daca_Type; 

Index : Integer := 0) ; 

procedure Create_R6 (Msg : in out Encer_Msg; 

Id : Dis.Term.Id; 

Value : Set.Real_6; 

Index : Integer := 0); 

procedure Create_R15 (Msg : in out Enter_Msg; 

Id : Dis.Term.Id; 

Value : Set.Real.15; 

Index : Integer := 0); 

procedure Create_l8 (Msg : in out Enter.Msg; 

Id : Dis.Term.Id; 

Value : Set . Integer.8 ; 

Index : Integer := 0); 

procedure Create_Il6 (Msg : in out Enter.Msg; 

Id ; Dis.Term.Id; 

Value : Set . Integer. 16 ; 

Index i Integer : = 0}; 

procedure Creace_l32 (Msc • in out Enter.Msg; 

Ir *s.Term_Id; 

V. : Set . Integer_32 ; 

In . - \ : Integer := 0) ; 

procedure Create_String 

(Msg : in out Enter.Msg; Id : Dis.Term.Id; Value : String); 

function Id (Msg : Enter.Msg) return Dis.Term_Id; 
function Index (Msg : Enter_Msg) return Integer; 

generic—:^. 

type^P»t«JType is private; 
function Wlue (Msg : Enter.Msg) return Datatype; 

function VaIue.R6 (Msg : Enter_Msg) return Set-Real.6; 

function Value.RlS (Msg : Enter_Msg) return Set.Real_15; 

function Value.18 (Msg : Enter_Msg) return Set . Integer_8 ; 

function Value.116 (Msg : Enter_Msg) return Set . Integer_16 ; 

function Value_l32 (Msg ; Enter.Msg} return Set . Integer_32 ; 

function Value.Scring (Msg : Enter.Msg; Length : Natural) return String; 

procedure” Poke (Msg ; Enter_Msg) ; 

Id_Not .Found : exception; 

— raised when Poke is called with an identifier that 

— has not been registered at the local level . 
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P:i_S T o reconnected : except ion; 

-- raised when PoJce is called with an identitm 
-- has not been connected with an address. 

Toc_Carge : exception; 

-- raised by Create it the data type is too bi: 
-- in the value buffer. 


p r 1 va t e 

-- secret 

end Encer_Mai Ibox; 


ORIGINAL PAGE IS 
OP POOR QUALITY 


r that 


to fit 
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8.3.2 Malfunction_Mailbox 

wi z r. Dis, 3cd_Eng_Types ; 
package Mai :unction_Mai Ibex :s 

package Sec renames 3cd_Eng_Types ; 

— Da ca cype for Malfunction mailbox messages 

cype Mai funcc ion_Msg is privace; — Malfunction Messages 

procedure Create 'Msg : in out Mai f unct ion_Msg; 

Id : Di s . Mai functioned ; 

On_Cr_Cf f : Set.On_Cff := Set.Cn; 

Scale ; 3ec.Real_15 := 0.0; 

Bias : Set.Reai_15 := 0.0; 

Opcion_Value : Natural : = 0) ; 

function Id (Msg ; Mai funcc ion_Msg) return Dis .Malfunctioned; 
generic 

cype Discrece_Type is (<>) ; 

function Option (Msg : Mai funcc ion_Msg) return Discrete_Type; 
function Option_Vaiue (Msg : Mai funcc ion_Msg) return Natural; 

function PI (Msg : Malfunction_Msg} return Set.Real_15; 
function P2 (Msg : Mai f unct ion_Msg) return Sec.Real_15; 
function State (Msg : Mai f unct ion_Msg) return Set.On_Off; 

procedure Poke (Msg : Mai funcc ion_Msg) ; 

Bad_Size ; exception; 

-- raised by generic Selector or Discrete if the generic actual 
-- parameter (enumeration type) is not 8, 16, or 32 bits long 

privace 

-- protected from sight 
end Mai funcc ion_Mai ibex; 
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8.3.3 Safestore_Mailbox 

with Cis; 

pa :<age Safesiore.Mai Ibex is 

-- Cat a type for Returr.-co-Safest o re mailbox messages 

tvue Sa festore_Msg is private; — Return to Safestore data 

type Syte is range 0 .. 255; 

: d r Byte' Size use 8; 

type Vaiue_3uf fer is array (Positive range <>) of 3yte; 

procedure Create (Msg : in out Safestore_Msg ; 

Id : Cis .Message_Id; 

Value : Value_Buf fer) ; 

function Id (Msg : Safestore_Msg) return Dis . Message_Id; 
generic 

type DataJType is private; 

function Value (Msg ; Sa festore_Msg) return DataJType; 
Too_Large ; exception; 

— raised by Create if the data type is too big to fit 


private 

-- invisible 
end Safestore_Mailbox; 
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8.3.4 Mega.Mailbox 

with Dis, 3td_Eng_Types ; 

package Mega_MaiIbcx is f 

package Sec renames 3cd_Eng_Types ; 

Max_3ncrles : conscan: := 60; 

eyre Mega_Msg ;s private; -- For many ;Term_ID * value; secs ac once. 

-- The sender of che Mega_Msg must call Creace before appending anything 

— co the Mega_Msg . After sending ic, the sender should call Clear, 
procedure Creace (Msg : in ouc Mega_Msg) ; 

procedure Clear {Msg : in ouc Mega_Msg} ; 

generic 

type Daca_Type Is privace; 
procedure Append {Msg : in ouc Mega_Ms * 

Id : Dis.Term_Id; 

Value : Daca_Type) ; 

procedure Append_R6 

(Msg : in ouc Mega_Msg; Id : Dis,Term_Id; Value : Set.Real_6); 
procedure Append _R1 5 

(Msg : in ouc Mega_Msg; Id : Dis.Term_Id; Value : SeC . Real_15) ; 

procedure Append_!8 (Msg : in ouc Mega_Msg; 

Id : Dis.Term_Id; 

Value : Sec . Inceger_8) ; 

procedure Append_I16 (Msg ; in ouc Mega_Msg; 

I'd : Dis.Term_Id; 

Value : Sec . Integer _16 ) ; 

procedure Append_I32 (Msg : in out Mega_Msg; 

Id : Dis.Term_Id; 

Value : Sec . Inceger_32) ; 

procedure Append_String 

(Msg : in ouc Mega_Msg; Id : Dis.Term_Id; Value : String) ; 

— co avoid the exception Too_Large 

function Appendable (Msg ; Mega_Msg; Bits : Inceger) return Boolean; 

— most of the *query*/*seLeccor * operations operate on the "current entry*. 

— All entries in a mega message arrive as 'valid*. An entry is 

— invali ftted by poking it or asking for its value. 

— * .will only poke valid entries. 

procedure Poke (Msg : in out Mega_Msg; Only_If_Valid : Boolean := True); 

— P°fce cbe current entry; if it is already invalid, it will not 

— be poked, unless Only_If_Valid is set to false. Then it will 

— be poked anyway. 

procedure Poke_Ail (Msg : in out Mega_Msg) ; 

— poke all valid entries 

— invalidate an entry . : you don't want it poked. 

— Zero means the current entry, 
procedure Invalidate (Msg : in out Mega_Msg) ; 

function Number_Of_Encries (Msg ; Mega^Msg) return Natural; 
procedure First £Msg : in out Mega_Msg] ; 
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cr:cedure Next \ Msg : in ouc Mega_Msg! : 
procedure 3o_To 'Msg : in out Mega.Msg; 

Id : Dis .Tern;_Id ; 

Found : out Boolean) ; 

function At_End (Msg : in Mega_Msg) return Boolean; 

f u roc ion I d does noc invalidate an enc-y. 

function Id (Msg : Mega_Msg} return Dis.Term_ld; 

-- retrieving a value invalidates its entry, these will not be 

-- poked automatically by Poke or Poke_All. 

generic 

type Datatype is private; 

procedure Value (Msg ; in out Mega_Msg; Data : ouc DataJType) ; 

procedure Value_R6 (Msg : in out Mega_Msg; Data : out Set.Real_6); 

procedure Vaiue_R15 (Msg ; in out Mega_Msg; Data ; out Set .Real_15) ; 
procedure Value _I8 (Msg : in out Mega_Msg; Data ; out Set . Inceger_8) ; 
procedure Value .116 (Msg : in out Mega_Msg; Data ; out Set . Integer .1 6 ) 
procedure Value_I32 (Msg : in out Mega.Msg; Data : out Set . Integer J2) 
procedure Value_String (Msg : in out Mega_Msg; Data : out String) ; 

be sure the string variable is the correct length 

NotjDreated : exception; 

raised by Append if the Mega_Msg has not yet been initialized 

-- using Create. 

Too_Large : exception; 

— raised by an Append if the data type is too big to fit in the 
-- remaining portion of the Mega_Msg . 

Too_Many_Ent ries : exception; 

-- tried to append more than Max_Entries entries. 

End_Er ror : exception; 

tried to advance beyond the end of the Mega_Msg. 


private 

— ya can't touch this 
end Mega _Ma i 1 bo x ; 


ORIGINAL PAGE IS 
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8.4. DIS 


wicn Syszer.; 
w:; r. E „ rvu c r. s ; 
w ; - Scd_Er.g_Types ; 
package D :s is 


package Sec renames 3cd_Er.g_Types ; 


— The DI S package is an "object manager*. The 
-- che Distributed Identifier Spec (DIS) cable. 
-- provides a number of atscracc daca cypes for 
-- populace che DIS cree in che body. 


managed object is 
The package 
che objects which 


ADT 


Definition 


Handle 


Compo nenc_ID 

Term_ID 

Message_ID 

Type_ID 

Type_Tag 

Mai f unc t ion_ 


ID 


private 

private 

private 

private 

open (enumeration) 
private 


Co mpo ne nt _Ha nd 1 e 
Term__Handle 
Mes sage _Hand 1 e 
Type -Handle 

Ma 1 f unc t io n_Hand 1 e 


The DIS must be searched once to get an identifier's handle, 

-- which points to the node where the data is located. Then all 
-- access to that identifier's data must use the handle; this reduces 

— the number of searches. Dis identifiers (objects with '_ID* suffix) 
-- are unique and distributable among different main programs and 

— network nodes; the handle may only be used in the context of the 
-- main program in which the conversion has been performed. 


Here is an example of a hierarchy of identifiers that can be 
-- placed into che DIS. 


-- Robocics 
SPDM 

Fail 

SSRMS 

Joint_l_Yaw 

Joint_l_Roll 

tfT 

RolIJType 
YawJType 
-- Environment 

— USAD 

GH5 

J PAD 

' Tank 

Temp_Sensor 
Fail _Temp_Sensor 
Storage_Leak 
Currenc_Pressure 
Valve_Module 
Rocket_Assembly 
Rocket_Engine 

Ca c_8ed_Fail 
Heacer_Fail 
Thruscer 

— Cac_Bed 
Prop_Valves 
Chamber_Pressure 


( Compo nent_ID) 

( Component _ID, prefix => true) 
( Mai f unct ion_ID) 

{Component_ID, prefix => r e) 
(Term_ID) 

(Term_ID) 

(Component_ID) 

(Type_ID) 

(Type_ID) 

( Compo nent_ID) 

(Componenc_ID) 

(Compcnent_ID) 

( Compo nent_ID) 

{ Compo nent_ID, prefix => true) 
(Component_ID array, 6) 
(Term_lD array, 3) 
(Malfunction_ID array, 3) 
(Malfunction_ID) ; 

(Term_ID) 

( Compo nent_ID) 

{ Component _ID, prefix => true) 
(Component_ID multiple, 6) 

(Mai funct ion_ID array, 2) 

(Mai f unction_ID) 

(Component _ID array, 13) 

{ Compo nent_ID) 

( Component _ID) 

(Term_ID) 
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__ 7he identifiers are entered into the -13 oy taking packages 
-- [tailed _Ce f s [pronounced "dears* [sir}; packages, as in 
__ :;5AZ_Ders or Rocket _Sngir.e_Der s ) which conform to a set of 
-- rules and call the Register functions. See the examples for 
-- how these packages look. 


type : :-mpor.enc_Id is private; 

Nul I .Component ; constant Componenc.Id; 
t ype Co mpo ne n t _Ha nd 1 e is p r i va t e ; 

Nul I_Comp .Handle : constant Component. Ha ndle ; 


type Term_Id is private; 

Null_Term : constant Term.Id; 
type Term.Handle is private; 

Nul I _Te rm.Ha nd 1 e : constant Term.Handle; 

Max.Total .Terms : constant := 100.000; 

subtype Term.rndex is Set . Nacural_32 range 0 . .Max.Total.Terms; 

type Type_Id is private; 

Null .Type : constant Type.Xd; 
type Type_Handle is private; 

Nul 1 .Type. Ha ndle : constant Type.Handle; 

type Message^ Id is private; 

Null_Message : constant Message.Id; 
type Message.Handle is private; 

Nul l_Msg_Ha ndle : constant Message.Handle; 

type Malfunctioned is private; 

Nul l_Mal function : constant Malfunctioned 
type Mai funct ion.Handle is private? 

Nui l.Ma I f .Handle ; constant Mai funct ion.Handle; 


-- Type_Tag is used in 
type Type .Tag is (NullJTag, 

Integer.Tag, 
Shore .Tag, 
Byte.Tag, 

FI oat .Tag, 
Double.Tag, 
Character.Tag 
St ring .Tag, 
Enum.Tag) ; 


placeholder 
32 bit integer 

— 16 bit integer 
-- 8 bit integer 

— 32 bit float (SET.Real.6) 

— 64 bit float ( SET .Real.15) 
-- a single character 

— a fixed-length string 
-- for enumeration types 


Register.Type 


type U**T is (Look’ — IOS readable 

Look.Enter, — IOS readable 4 writable 
Initialize} ; — datastored & initialized term 
type User.List is array (Positive range <>) of User; 

Look_Only i constant User_List :s {1 => Look); 

Look_Ini t ial ize : constant User_List (Look, Initialize); 

Look.Enter. Initialize : constant User_Lisc := (Look.Enter, Initialize); 

Null_Address : constant System. Address ;= Eunuchs .Null .Address? 

type Address.Ar ray is array (Positive range <>) of System. Address ; 

Null. Address .Array i constant Address.Array := (1 . - 0 => Null.Address) ; 

type Va 1 ue _L i s t is array (Natural range <>) of Natural; 

Nul 1 _Va 1 ue.L i 9 C : constant Value_List ;= (1 .. 0 => 0); 

«>■.* T K; 
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-- 



The 21 S is created with st ac:c information using the -Register' 
-- routines below. This static information includes identifiers 
__ f cr ob;ects # types, and mal tunct i :r.s , as well as descriptor 
__ information associated with these entities 'such, as parameters 
__ rw ac 2re - - be used for malfunction routines’ . The static 
-- information in the DIS is consistent on ail platforms and in all 

applications ; including all off-line applications} as long as 

__ everyone is using the same version of the DIS. The DIS is 

augmented with dynamic intimation at runtime through the use 

-- of the 'Connect' facilities. 


function Regis ter_Component (Parent : Component_Id; 

Name •: String; -- length <= Max_Comp_Na me 
Prefix : Boolean := False; 

Length : Natural : = 0; 

Labels : String ;= **) return Component _Id; 

The Register_Component operation creates a node for a new level 

-- in the DIS tree at the position indicated by the Parent parameter. 

__ The Length parameter must be used to register multiple components 
__ which have the same contents. This allows a single Defs package 
__ to register multiple copies of a set of identifiers. In this case, 

-- the Defs package can be said to resemble a record definition, and 

— the Component _ID array can be said to resemble an array of records. 

— \ 'prefix' is a Componenc_ID which is registered with the Prefix 
-- parameter set to True. A prefix is required in the 'ancestry' of 
__ an y Term_ID or Mai funct ion_ID . Also, a prefix's 'descendants' may 
-- not include any other prefix Component.IDs . These rules are 

-- enforced by the DIS through the exception Pref ix_£rror . A prefix 
-- identifies a single mailbox; all Terms_IDs and Mai function_IDs are 
-- delivered to their respective partitions via the mailbox that is 
-- identified by the prefix under which they were registered. 



function Register_Term (Parent : Component _Id; 

Name : String; — length <- Max_Id_Name 
The JType ; Type_Id; 

Users : User_List := Look_Encer_Initialize; 
Length : Natural := 0; 

Labels : String := **) return Term_Id; 

Register JTerm requires a Type_ID to indicate how the data 

— is to be interpreted. A Term_ID array is an aggregate of 
-- Term_ID's which have the same type. A TermJTD array 

— is registered by supplying a Length parameter >0. If a 

— labels parameter is supplied, the labels will be used to 

— index, tbs Tertn_ID array. 


function Register Jfcs sage (Parent : Component_Id? 

Name : String; -- length <= Max_Id_Name 
Bits : Natural; 

Safescore : Boolean := False) return Message_Id; 

— A Message_ID is very similar to an Term_ID but is 

— only used for software backplane messages. This 

— routine must always be supplied with a number of 

— bits. No type information is supplied. A flag 

-- ndicates whether or not the item is to be retrieved 

— for safestore. Bits is the size of the message in bits. 


function Register JType (Parent : Component _Id; 

Name : String; -- length <= Max_Id_Name 

The.Tag : TypeJTag; ORIGINAL PAGE IS 

Size : Natural := 0; QP pQQp QUALITY 
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m m . 


Low_3ound : Bering := 

Kigh_Bound : Bering : = **; 

Val ues : Value_lise := Null _Va 1 ue_Li se ; 
Labels : String := **i return Type_Id; 
Type.IDs provide the ability Co interpret data accessed 
with Ter~_I n s. Each Register JTer m must be accompanied by 
a 7ype_ID parameter. Each Type_ID is registered using a 'type 
tag' which indicates which class of type it will belong to. 

For tag: Required: Optional: 


Null JTag (error) 

Integer JTag 

Short JTag 

Byte JTag 

Floac_Tag 

Double JTag 

Character_Tag 

String_Tag Size 

Enum JTag Labels 


Low or High bound 
Low or High bound 
Low or High bound 
Low or High bound 
Low or High bound 
Low or High bound 

Size, Values 


When registering a Type_ID for 9, 16, or 32 bit integers (Byte_ 
Tag, Short JTag, and IntegerJTag respectively) , single or double 
precision floating points (FloatJTag and DoubleJTag) , or single 
characters (Character JTag) , a Low or High bound may be supplied. 


Low and high bounds must be in the proper numeric or character 
order, and must have the correct format (which depends on the type 
^ag — byte, integer, short, float, double, or character) . 


Labels must be supplied for Enum literals. The Labels 
parameter specifies a list of names conforming to Ada syntax 
separated by commas. 

Size must be supplied for StringJTag'd types. It is 
optional for enum tag'd types (the default is 8 bits) . 

Size is the number of characters for string tag'd items 
and the number of bits for types with Enum JTag. For 
strings, Size must not be greater than Max_String. 

Values are the representational aspect of enumeration 
cypes; if no list is provided, the default ('POS) 
numbering (0,1,2) is used; otherwise, each enum value 
is stored. 

Registration of StringJTag'd TypeJCDs requires a Size 

- ( thS fiuinbT of characters in the string, as with registering 

- T«ra^_XBsJ & ~ ... • 

Tyji.^IDe of Enum JTag" must be supplied with a Labels parameter 

- (the DIfl wane* to see Ada-like identifiers separated by commas for 

- all 'labels* parameters). Optionally, the number of bits that 

- objects of this type use can be specified (the default number is 

- eight bits) , as well as a list of values that matches to the 

- enumeration representation of the Ada type (this is not necessary 

- for enumeration types with no rep spec) . These three parameters 

- (bitss, labels, and values) can be obtained by instantiating a 

- generic call Enum_Functions which accepts the Ada enumeration 

- type as an actual parameter. This is provided so that the user 

- can avoid hard-coding lists of labels and values chat duplicate 

- the ones provided in the type declaration and rep spec. (Enum_ 

- Functions can also be used to get a label list from an enumeration 
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— tyre ::r railing ether 213 function tat have label list para- 

— meters) . 

To register an array with the L.w, rse the Regis ter_?erm 
-- function with a Length parameter. This will create a set 
-- ->i 215 identifiers; a length = 0 creates only one- Ail of 

— the terms cnus treated will have the same type or tag. 

You tan simulate record types with the DI3 also. In 
-- situations that tail for an ’array of records', you can define 
-- a component id array; the ?erm_IDs in the *_Oefs' package 
-- for that component would be analogous to Ada record components. 

-- You can also create a generic package with Term_IDs in it; if the 

— package has a generic object parameter of type DI3 ,Componenc_ID, 

— and this is used as the 'Parent' of the Register^* calls, then the 

— package car. be instantiated in the ' _De f s * packages anywhere in your 

— DIS hierarchy. 

■ — The Sstf_Defs package registers Type__IDs for the \da types 

— that are declared in the Scd_Eng_Types and Std_Eng_Ut^ts packages. 

-- For partition data that is declared of these types, you may use 

-- the Sstf_Defs Type_IDs directly, or you may register subtypes based 
-- on those Type_IDs. It is best to use subtypes with well-chosen 
-- sub- ranges, so that the IOS user can easily manipulate values to 

— be entered. 

-- Register an integer-based subtype 

function Regi ster_Subtype (Parent : Component _Id; 

Base : Type_Id; 

Name : String := 

Low_Bound : Set . Integer_32 ; 

High_Bound ; Set , Inceger_32) return Type_Id; 

-- Register a float-based subtype 

function Register_3ubtype (Parent : Component_Id; 

Base : Type_Id; 

Name ; String ;= ' ' ; 

Low_Bound ; Set.Real_15; 

High_Bound : Sec.Real_15) return Type_Id; 

-- Register a character-based subtype 

function Regiscer_Subtype (Parent : Component _Id; 

3ase : Type_Id; 

Name : String := 99 ; 

Low_Bound : Character; 

High_Bound ; Character) return Type_Id; 

— These functions are used to register new Type_Ids which are derived 

— from previously "registered Type_Ids, whicr. are called 'base* Type_Ids. 

— Any Tyv-X* with tag Byte_Tag, ShortJTag, IntegerjTag, PloatJTag, 

— Double^ Je®, or Character_Tag can be used as a base Type_Id. Base 

— Type_Ids with inappropriate tags will raise Tag_Error. 

-- Since the only reason to register a type using these functions is to 
-- provide different bounds for a previously registered Type_Id, the 

— Low_Bound and High_9ound parameters are not optional. The bit size 
-- of the new Type_Id is the same as that of the base Type_Id. 

func' Register_Malf unction (Parent ; Component_Id; 

Name : String? -- length <= Kax_Id_Name 
Options : Type_Id := Null_Type; 

Pl_Name : String ;= 

Pl_Low : Sec.Real_15 := 0.0; 
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?l_High : iec . Rea I _1 2 := 0.0; 

?l_Type : Type_Id := N'ull.Type; 

?2 _Name : Sc ring := mm ; 

* ?2 _low : Sec . Reai_l 5 := 0.0; 

P2_High : Set.Real_15 := 0.0; 

?2_T ype : Type.Id := NuliJType? 

Score : Boolean := True? 

Lengch : Natural := 0; 

Labels : String := "J return Malfunctioned; 
__ There are four Kinds of ma 1 functions : 

Simple: (a.K.a. paramecerless) This is registered 

by supplying no Options or P1/P2 related 
parameters. 

Options: This is registered by supplying a type id 

for the Options parameter. It must be EnumJTag'd. 

pi ; This is registered by supplying a string for 

?l„Mame and a type id for PlJType. Pl_Low 
and Pl_High can be supplied to give different 
bounds to the parameter that override the low 
and high limits of Pl_Type. The name of the 
PI —Type is used as the 'units' displayed on IOS. 

P1_P2 : This is registered in the same way as a PI 

malfunction; rules and options for the P2_ 
parameters are the same as for a Pl_ parameters. 

— The Store flag indicates whether or not a malfunction is 
-- datastored & inti t ialized . It defaults to true; do not 

__ se t it to false; in fact, do not sec it at all, since this 
-- parameter will be deleted in the near future. Setting it 

— to False raises Regist ration_Error . 

__ To register an array of malfunctions, set Length > 0. 

-- Labels may be supplied as an optional parameter; if 
-- present, the number of labels supplied must be equal to 

— the Length value. 

generic 

type Enum is (<>) ; 
package Enum_Func cions is 

The Bnum_Functions package can be instantiated with any 

— Ada enumeration type, so that the information needed by 

C he Regis ter_Type function for Enum.Tag types can be 

— retrieved automatically. Instantiating this package does 
— *„,?!<> t Modify the DIS table. 

function Labels return String; 
function Num_Labels return Natural; 
function Size return Natural; 
function Values return Value_List; 

end Enum_Functions ; 


The Report procedure produces a file which divulges the 

— inner secrets of the entire DIS. The Load procedure 
-- brings such a file into the DIS, populating it without 
-- elaborating '_Defs' packages. 




h’W ^ 1 
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cr::edure Report .T;_ri:e ; S c r : ng ; 

-sers : ,ser_^ J .5“ : - uOok, _,o ■< ^ E r» t e r , Initialise) ; 

Expand : 5cc lean ; = False;; 

1 

-- Load will fail ; : zr.e file zc ce leaded has not teen 
-- t reaeed with a template user list all users specified), 

-- or if the version number in the file dees not. match the 

-- current version number (the Dis maintains a version number 

-- for the Load /Repo rt routines). The exception is Lcad_Ve rs i c n_S r ro r . 

— File_L:sc => true means From_F 1 le .3 not itself a report 
-- file, but contains a list of report files. Load_Error is 
-- raised if the Load file is corrupt or created improperly. 

-- Load_N’ame_Sr ror is raised if a load file does not exist. 

procedure Load )From_File : String; FiIe_List : Boolean := True); 

— supply the version number of the Load/Report routines, 
function Report_Versicn return Natural; 

— Registration & general exceptions 
Syncax_Error ; exception; 

— An identifier name or a label name has improper Ada 
-- syntax or exceeds the limit for number of characters 

-- ( Max_Comp_Name for components, Max_Id_Name for other IDs, 

— and Max_Labe!_Name for labels; these constants are defined 

— toward the end of the visible part of this package spec) . 

— Raised by; 

Register^ routines (the Name parameter) 

Regis terjCornponenc (arrays — the Labels parameter) 

Regiscer_Term (arrays — the Labels parameter) 

Register_Mal f unct ion_Array {arrays — the Labels parameter) 
Register JType (for types with Labels) 

Formac_Error ; exception; 

— An improperly formatted string was given for a low 

— or high bound (e.g. a low bound for an integer tag'd 

— id is given as *0.0 # ), or a Labels parameter has 
-- improper format. 

— Raised by: 

Register JType 

Tag_Error : exception; 

— A type tag was used incorrectly (for example, 

— no length parameter was supplied with String_Tag) . 

— Raised by: 

RegisterJType 

Type_ID query routines ( String_Length, Label_Index, Values, 

— Label _Value, Value_Index, Low_Bound, High_Bound, 

Jl.. Number_Of _Label s ) 

R^jBisterjJIaffunction (if Options parm is not EnumJTag'd) 
Ripi*ter_Subtype (if the base type is incompatible with the 

bounds parameters, e.g., the base type has a floating 
point tag, but the bounds are integers) . 

Connect JTerm (using Symbol parameter, if registered symbol 

has a type incompatible chan the DIS Type_ID's Tag) . 
Connect_Mal function (using Symbol parameters, if a 

registered symbol's type Is not compatible with 
the type tags required for the DIS Maif unction_ID) . 

Subtype_Error : exception; 

— The bounds given for the subtype are not a proper sub-range of 

— the bounds of the base type. 

— Raised by: 

Regis ter_Subtype 
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RegLszraiion.Srror : exception; 

-- A Mai funct ion.ID is being registered, but ncn-compat ible parameters 

3re being 3 *upp j. ied to it. For example, an Options parameter is 

-- being supplied as well as a Pl.Narr.e parameter. Or a P2_Naire 
-- is being supplied but not a PI .Name. Or Store is sec to Fa^se. 

— Raised by: 

Regi ster „Ma 1 f unc t ion 

Sr.um.3 i ze.Sr ror : exception; 

-- Enumeration objects are not 9, 16, or 32 bits. 

— Raised by: 

Regi ster. Type 

Enum.Func cions package instantiations 
Size.Error : exception; 

__ ^he size, in bits, retrieved from the symbol map for Connect.Term 
-- of Connect.Malfunction is different than the size supplied to the 
DIS (via Reg i s c e r .Type ) for the data associated with the symbol. 

— Raised by: 

Connect.Term (using Symbol parameter) 

Connect .Malfunction (using Symbols parameters) 

Connecc.Error : exception; 

— The parameters supplied as Symbol strings to Connect. Mai function 
-- do not match the parameters given to Register.Mal function, e.g., 

-- the Mai f unc tion.Id was registered as an Options malf, but a symbol 

— was supplied for the PI parameter to the Connect routine. Or a 

— Connect .Malfunction routine was called which required either an 

— array of Mai function. IDs or a single one, and the other was 
-- supplied to it. 

-- Raised by: 

Connect.Mal function (using Symbols parameters) 

Connect.Mal function 
Connect.Mal f .Array 

Id.Not.Found : exception; 

— An identifier specified as part of a request was not in the DIS. 

— When converting a string to an ID or handle, it is often caused 

— be a misspelling; it is also of the result of not *with*-ing the 

— *.Defs* package that contains the identifier, or not loading a 

— Dis report file. 

— Raised by: 

Register, routines (the Parent was not found) 

Handle 
Convert 
Pref i x.Comp 

No .Prefix _s exception; 

— The^JJtontifier jfiven to a Pref i x.Comp function is not 

— associated with any Component .ID prefix. 

— Raiiit* 

PrafixjConp 

Length.Error : exception; 

-- The number of labels given for a component, 

— term, or malfunction array registration 
-- does not match the Length parameter. 

— Or the Size parameter used for registering 

-- a St ring .Tag ' d item is greater then Max.String. 

— Raised by: 


— 

Register.Component 

( for 

arrays) 

— 

Regi ster .Term 

( for 

arrays) 

— 

Register.Mal function 

( for 

arrays) 

-- 

Regi ster .Type 

{ for 

string.tag) 
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Limit .Error : exception; 

-- The maximum number of Ldenti tiers hass ceer. registered 
-- ur.der "he current Parent component . The maximum is 
-- different for each type of identifier, and the limits 
-- are represented by the constants Max.Compor.ents, Max.Terms, 

-- Max.Typef, Max.Messages , and Max.Mal functions . 

-- Raised by: 

Register _ functions 

No .Labe Is : exception; 

-- A label -query routine was called but no labels 
-- were registered with the identifier. 

-- Raised by: 

Index functions (Cornp_, Term_, & Malfunction. Handles) 
babel functions 
Label. Index 
Label.Value 

La be! .Not .Found : exception; 

-- The requested label was not found in the list 

— of labels associated with the identifier. 

-- Raised by: 

Convert routines for' Component, Term, and Malfunction identifiers 
Index functions (Comp_, Term., & Malfunction. Handles) 

Label functions 
Labe l .Index 
Label_Value 

Value .Not .Found : exception; 

— The value given for an enumeration association 

— is not in the value list, or the index given 

— for an id array or a multiple component is not 
-- in the proper range. 

-- Raised by: 

Value_Index 
Label (Type.Handle) 

Index.Error : exception; 

— An index given for a component, term, or malfunction 

-- array or for an Enum.Tag'd type identifier, is out of bounds 
-- Raised by: 

Iocs of things 

Not.Array : exception; 

— The operation requires the handle supplied to be 

-- pointing to an identifer that has been registered as an 

— array (i,e. f the Length parameter was registered > 0). 

-- Also, raised by Connect_Term if a Term_Id was passed in 

— which pot represent the first element of a Term.Id 

— arrsy,^Stt£ Conn*ct.All ie True. 

-- Raised 'Ey s 

all routines which require a handle for a term, malf, 
or conponent array. 

Connec t_Term 

Prefix.Error : exception; 

-- A Componenc.ID is being registered as a Prefix, but one 

— of it's ancestors is already a prefix; or, a Term.ID or 

— Malfunctioned is being registered, but no ancestor 
-- component in the Parent is a Prefix. 

— Raised by: 

Reg is ter .Component 
Register.Term 
Register.Mal function 
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Cup! icace.Error : exception; 

Ar. identifier has been registered with the same na me 

— 55 another under the same component parent. it is not 
__ cermissable to have more than one Term.^D, cor instance, 

tailed *XYZ* registered under che same parent that already 

*v 3 S 3 Term.ID registered called '’XYZ*. However, a Term_Id 

-- an a Message.Id (e.g.) can both be registered under the 

same component parent, and have the same name. Axso, a 

-- Term.Id called *XYZ* may be registered even if another 
-- 'XYZ' Term.Id has already been registered under a different 
-- parent. Only the full name must be unique for a particular 
-- <ind of identifier. 

-- Raise by: 

Register_Component 
Register_Term 
Regis ter_Type 
Register_Message 
Register.Mal function 

Load.Version.Error : exception; 

-- a report file being read via the Load procedure has 

— a different version number than the current Report version 

— number which the Dis maintains internally. This is the 
-- number returned by the Report.Version function. 

— Raised by: 

Load 

Load.Na me .Error : exception; 

— A load file (either the file name given to the Load procedure 
-- or a file name in a list of files) does not exist. 

— Raised by: 

Load 

Load_Error : exception; 

-- The Load procedure has detected that its input file has 

— an incomplete list of Users in its first line--the list 

— must contain all of the users in the correct order; or, 

-- the file (or a file in the file list) does not exist; or, 

che file has badly formatted lines or is incomplete in 

— some way. 

-- Raised by: 

Load 

Null.Error : exception; 

— A null identifier or handle was supplied. 

— Raised by: 

most query routines 
Navi gate. Next routines 

— Operations on Component _ID and Component .Handle objects, 
procedure Ctaate.Symbols 

(The.Component : in out Component_Id; Parent : String) ; 

— Convert's String argument must contain an Alphanumeric version 

— of the ID ('Robotics .SPDM.Arm(2) *) . 
procedure Convert ( String .Component : String? 

The_Component : out Component.Id; 

The.Handle : out Component .Handle) ; 
function Convert (String.Component : String) return Component .Id; 
function Convert (String.Component : String) return Co mponent. Handle ; 
function Handle (Of .Component : Componenc.Id) return Component.Handle; 
function Image (Of.Component : Component.Id) return String; 
function Value (Of.String : String) return Component.Id; 
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function Full .Name (The.! 2 T,por.er.: ; , - mp - r.er.c.-c) :e:.rn String; 
function The .Name [The.Cr mpcner.c : Component .Handle) return String; 
function Prefix ' T he . Z c mp c ne nc : Ccr.cc ner.t_Har.dIe; return Boolean; 
function Number.! f .Levels " The _ Component : Component .Id) return Natural; 
function Subcomponent 

The _ So rpc rent ; Component.Id; Component _N*um ; Natural) 
return Component .Id; 


-- Functions that work on tomponer.t arrays. If the Component 
-- passed to these is not an array, then Not_Array is raised. 

— The function Id.Array tells whether a component is one or not. 
function Id.Array I The .Component : Component .Handle) return Boolean; 
function Length (The.Array : Component .Handle) return Natural; 
function Label (The.Array ; Component. Handle; Index ; Natural := 0) 
return String; 

function Index (Of.Array : Component .Handle ; Label : String : = ") 
return Positive; 

function In.Array (The .Component : Component.Id ; The.Array : Componenc.Id) 
return Boolean; 

function Component (Of.Array t Component.Id; Index ; Positive} 
return Component.Id; 

(Of.Array : Component.Id; Label : String) 
return Component.Id; 

(Of.Array : Component. Handle; Index : Positive) 
return Component .Handle ; 

(Of.Array ; Component .Handle; Label : String) 
return Component. Handle; 


function Component 
function Component 
function Component 


type Comp.Id^List is array (Positive range <>) of Component.Id; 
type Comp.Handle.List is array (Positive range <>) of Component. Handle; 
function Gec.Prefixes return Comp.Id.List ; 
function Get.Prefixes return Comp.Handle.List; 

-- The Build function creates a Component.Id by 'concatenation' of 

— related Component .Ids . The following rules apply; 

— *) The components listed mu9t be related as ancestor/decendant . 

*} They must be in order of ancestor /descendant (e.g. great- 

greac-great-grandparent , grandparent, child). 

*) Intermediate levels of the lineage may be skipped. 

*) This function does not enforce these rules, since it 
would be too expensive time-wise to look up the data, 
function Build (Comp.Lisc : C; o.Id.List) return Component.Id; 


-- The prefix name is the name given to a prefix when Connect.Pref ix 

— is called. The Partitioned is added to a prefix by the Dis when 

— Connect.Prefix is called. Partitioned returns 0 if Connect.Pref ix 
-- has not been called for the component. 

f unc t i on Tfirefl JO*® (The.Component : Component. Handle) return String; 
functiorTWrticion.Id (The.Component : Component. Handle) 
return Set . Integer_32 ; 


Subcomponent .Error : exception; 

— if the Component.Num argument is larger than the 

— number of levels chat make up a component or there 

— are no subcomponents. 


-- Operations on Term_ID objects. 

procedure Create .Symbols (The.Term ; in out Term.Id; Parent ; String) ; 

-- Convert's String argument must contain an Alphanumeric version 
-- of the ID ('Robotics. SPDM. Arm(2) .Joint .1 .Yaw'} . 
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iure Convert ' Sc ring .Term : String; 

The Term • cue Term.-d; 

The .Handle ; out Term.Handle ; 
ion Convert (St ring.Term : String) return . erm_-d; 
ion Convert ) 3 c ring.Term : String) return Term.Handle ; 
• -n Handle (Cf.Term : Terx.Id! return Term.Handle; 
ion Image (Of .Term j T e rm_ .. d ) return String, 
ion Vaiue ( o:_3t ring : String) return Term.Id; 


function Build , lomp 


Component _Id; Term : Term.Id} return Term.Id; 


function The .Component (The.Term : Term.Id) return Component _Id ; 
function Full_Name (The.Term : Term.Id) return String; 
function The_Name (The.Term : Term.Handle) return String; 

function The .Type (TheJTerm : Term.Handle) return Type_Id; 

function The .Type (The_Term : Term.Handle) return Type.Handle; 

— Lookable returns True if Che term was registered with Look 

or Look_Enter in the user list. Encerable recurns True if 

t ne Term was registered with Look.Enter in the user list. 

function Users (TheJTerm : Term_Handle) return User.List; 
function bookable (TheJTerm : Term_Handle) return Boolean; 
function Encerable (The.Term : Term_Handle) return Boolean; 
function Inicializable (TheJTerm : Term_Handle) return Boolean; 


operations on Term.ID arrays 

function Id.Array (TheJTerm ; Term.Handle) return Boolean; 
function Length (The.Term.Array ; Term.Handle} return Natural; 
function Label (The JTerm_Array : Term.Handle; Index ; Natural := 0) 
return String; 

function Index (The.Term.Array : Term.Handle; Label ; String := **) 
return Positive; 
function In_Array 

(TheJTerm ; Term_Id; The_Term_Array : Term_Id) return Boolean; 
function Term (The_Term_Array : Term_Id; Index : Positive) return Term.Id; 
function Term (The.Term.Array : Term_Id; Label : String) return Term_Id; 
function Term (The_Term_Array : Term.Handle; Index : Positive) 
return Term.Handle; 

function Term (The.Term.Array : Term_Handle; Label ; String) 
return Term_Handle; 


— Index operations. 

procedure Add.Index (The.Term : Term.Handle; Index : Set .Natural. 3 2 ; 
function The.Index (The.Term : Term.Handle) return Term.Index; 

If che Term.ID ha* not been 'Connect '-ed, the Read.Address 

— function return* Null_Address . 

function Read ^Address (The.Term : Term.Handle) return System. Address; 
function frafix.Comp (The.Term : Term.Id) return Component .Id; 

-- operation* on Mesaage.ID objects. 

procedure Create_Symbols (The_Message : in out Message.Id; Parent : String) 

Convert's String argument must contain an Alphanumeric version 

— of the ID { 'Robotics. SPDM. Arm(2) . IF.Packetl*) . 
procedure Convert (St ring .Message : String; 

The.Message : out Message.Id; 

The .Handle : out Message.Handle) ; 
function Convert (String.Message : String) return Message.Id; 
function Convert ( S t r i ng_Mes sage : String) return Message .Handle; 
function Handle (Of.Message : Message.Id) return Message.Handle; 
function Build (Comp : Component.Id; Msg ; Message.Id) return Message.Id; 
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funct-on Image ' 2 : .Message : Message.!! re~ .rr. String; 
function Value ( I: .String : String: return Message.Id; 

i 

function The.Ccmpc nent (The .Message : Message. Id: return Component.: d ; 

rune cion Full. Name (The.Message : Message.:!) return String; 
function The.Name [The.Message : Message .Handle: return String; 
function Size (The .Message : Message .Handle) return Natural; 
function Safestore ; The .Message : Message .Handle) return Boolean; 

function Prefix. Comp (The .Message : Message.Id) return Component. Id ; 

-- Operations on Type .ID objects. 

procedure Create.Symbols (The.Type : in out Type.Id; Parent : String) ; 

-- Convert's String argument must contain an Alphanumeric version 

— of the ID { 'Robotics . Posit ion.Vector'} . 
procedure Convert {String.Type : String; 

The.Type : out Type.Id; 

The.Handle : out Type.Handle) ; 
function Convert {String.Type : String) return Type.Id; 
function Convert (String.Type ; String] return Type.Handle; 
function Handle (Of .Type : Type.Id) return Type.Handle; 
function Build (Comp : Component.Id; Typ : Type.Id) return Type.Id; 
function Image (Of.Type : Type.Id) return String; 
function Value (Of.String : String) return Type.Id; 

function The .Component {The.Type ; Type.Id) return Component.Id; 
function Full .Name (The.Type : Type.Id) return String; 
function The. Name (The.T ype : Type.Handle) return String; 
function The.Tag (The.Type : Type.Handle) return Type .Tag; 
function Is.Subtype (The.Type : Type.Handle) return Boolean; 
function St ring.Length (The.Type : Type.Handle) return Natural; 
function Size (The.Type ; Type.Handle} return Natural; 

— The following functions are useful for Enum.Tag'd Type.IDs; they 
-- provi : access to the information related to Labels, 'Pos-like 
-- indexes, and representation values. A 'Label' is a string that 
-- stands for an enumeration literal. An 'Index' is a numeral that 
-- represents the position of a literal within the enumeration list 

— [the kind of value returned by Enum.Type' Pos (Literal) ] . A 'Value' 

— is the representation numeral supplied with an enumeration 

— representation clause. Because Enum.Type' Pos starts with zero (0), 

— the DIS uses zero as the index to the first element of the 

— enumeration type.id; the label list array starts its index as zero 

— also. This contrasts with the indexes for labels of term, component 

— and malfunction identifier arrays, which start at one. 

-- o Label returns* a String value given an number which (1) is 

used fi in Index into a list of label strings, if no Value.List 
was supplied during Register.Type; or (2) is used as a Value 
if a Value.List was supplied. 

— o Label.Index returns a 'Pos-like Index for enum tag'd types. 

— o Labei.Value returns a 'Pos-like Index if the Type.ID 

was registered without a Value.List parameter, or the appropriate 
representation value id there is an associated Value.List. 

-- o Value.Index returns a ' Pos-like Index given a Value. 

— o Values returns a Value.List entity which is ndexed from zero. 

The enum type's 'Pos value directly accesses "he corresponding 
representat ioh vaT ue 7 - - - -- : — — - - : - ' » - ; 

function Number. Of. Labels (The.Type : Type.Handle) return Natural; 
function Label (The.Type : Type.Handle; Index : Natural) return String; 
function Label.Index 
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(The.Type : Type.Handle; Late! : String', recurn Natural; 

: unc cion La be 1 _Va 1 ue 

(The.Type : Type.Handle ; 1,3 cel : String) return Natural; 
function Val ue_Index 

(The Type : Type _Ha nd 1 e ; Value : Natural' return Natural; 
function VaLues (The.Type : Type .Handle; return Value_L.sc; 

function Low.Bound !The_Type : Type ..Handle) recur-. Sec . Integer _32 ; 
function High.Bound ,'The_Type : Type.Handle! recurn Sec . Ir.teger_32 ; 
fur.ccion Low_3our*d (The_Type : Type_Har.dle) recurr. Sec . Inceger_16 ; 
fur.ccion High.Bound (The.Type : Type_Handle) recurr. Sec . Inceger_16 ; 
funccion Lcw_Bound (The_Type : Type_Handle) recurn Sec . Ir.ceger_8 ; 
fur.ccion High_Bound (7he_Type : Type .Handle} recurn Sec . Inceger_8 ; 
funccion Low.Bound (The .Type Type .Handle) recurn Sec.Real_6; 

funccion High.Bound (The.Type : Type .Handle) recurn Sec.Real_6; 
funccion Low.Bound (The.Type : Type .Handle) recurn Sec .Real_15 ; 
funccion High.Bound (The.Type : Type .Handle) recurn Sec.Real.15; 
funccion Low.Bound (The.Type : Type.Handle) recurn Character; 
funccion High.Bound (The.Type : Type.Handle) recurn Character; 

— Operations on Mai funct ion.ID objects. 

procedure Create.Symbols 

(The.Malf : in out Mai f unct ion_Id; Parent : String) ; 

-- Convert's String argument must contain an Alphanumeric version 
-- of the ID {'Robotics .SPDM. Fail'} . 
procedure Convert (String_Malf ; String; 

The_Malf ; out Mai f unct ion.Id; 

The .Handle : out Mai funct ion.Handle ) ; 
function Convert (String_Malf i String) return Malfunctioned; 
function Convert (String.Malf : String) return Mai funct ion.Handle; 
function Handle (Of_Malf : Malfunctioned) return Mai funct ion.Handle; 
function Build (Comp : Component.Id ; Malf : Mai functioned) 
return Malfunctioned; 

funccion Image {Of_Malf : Mai funct ion.Id) return String; 
function Value (Of.String ; String) return Malfunctioned 

function The_Component (The.Malf ; Malfunctioned) return Component _Id; 
function Full.Name (The.Malf : Malfunctioned) return String; 
function The.Name (The.Malf : Mai function.Handle) return String; 
type Malf.Kind is (Sirnple.Malf , Opt ions.Mal f , Pl.Malf, Pl — P2_Malf) t 

function Kind (The.Malf ; Mai function.Handle) recurn Malf.Kind; 

function Opcions.Type (The_Malf : Mai funct ion.Handle) return Type.Handle; 
function Opt ion* .Address 

"Tf : {Theetolf : Malf unct ion.Handle) return System. Address ; 

'**:■ - 

functip© (The .Mai f : Mai funct ion.Handle) return String; 

function HJLow (Thejtelf ; Mai funct ion.Handle) recurn Set.Real.15; 
function Pl_Jtigh {The .Malf ; Mai funct ion.Handle) return Set.Real.15; 

function Pl.Type (The.Malf ; Mai funct ion.Handle) return Type.Handle; 

function Pl.Address (The.Malf : Mai funct ion.Handle) recurn System. Address; 

function P2_Nane (The.Malf : Mai funct ion.Handle) recurn String; 
function P2_Low (The.Malf : Mai funct ion.Handle) recurn Set. Real .15; 
function P2_High (The.Malf : Mai funct ion.Handle) recurn Set.Real.15; 

function P2_Type (The.Malf : Mai funct ion.Handle) return Type.Handle; 

function P2_Address (The.Malf ; Mai funct ion.Handle) return System. Address ; 

function Active .Address 

(The.Malf : Mai funct ion.Handle) recurn System. Address; 
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function Szz red T'r.e_Mal : Ma 1 funct ion_Handle ; re cum Hoc lean; 

function Id_Array ;The_Malf : Mai funct ior._Kandie‘ recum Boolean; 

» 

fur.c c ion Length ' ?he_Mai f_Ar ray : Ma 1 :u r.c cion _Ka r.c 1 e ; return Positive; 
function Label Tr.e_MaI f _Array : Mai funct ion_HandIe; Index ; Natural ;= 0) 
return String? 

function Index ( The_Malf _Array : Mai funct ion_Handle ; Label : String := 
return Positive; 
f u n c tier. I n _Ar r ay 

»The_MaIf : Mai funct ion_Id; The_Ma I f_Array ; Malfunctioned) 
return Boolean; 

function Mai: (The_Ma I f_Array : Mai funct ion_Id; Index : Positive) 
return Maif unction_Id; 

function Maif {The_Ma 1 f_Array : Mai funct ion_Id; Label ; String) 
return Mai funct ion_Id; 

function Maif (The_Ma 1 f_Ar ray : Mai funct ion_Handle; Index : Positive) 
return Mai funct ion_Handle ; 

function Maif {The_Mal f_Array Mai funct ion_Handle; Label : String) 

return Mai funct ion_Handle; 

function Pre:.x_Comp (The_Malf ; Malfunctioned) return Component _Id; 

-- Connect facilities (Dynamic augmentation of the DIS) 

— The DIS is augmented with dynamic information at run time. This 

— includes such things as the addresses of data items that 
-- are to be associated with identifiers and locations of models 

— in the network, 

— This adds address information to the identifier. Connect_Term adds 

— an address to a single term registered with the' DIS. However, 

— these Connects are also used for Term_Id arrays that map to an 

— Ada array. If Connect_AIl is True (default) and Term represents 
-- an ID array, only the address of the first element in the Ada array 

— need be supplied. The rest of the addresses will be calculated 

— by the DIS. This will only work if the Ada array is contiguous in 

— memory and the component addresses can be calculated using the 

-- address of the first. Connect_All is ignored if the term supplied 

— does not represent an ID array. If it is False, even if the Term 

— ID supplied represents an ID array, only one address & term will be 

— connected by the routine, 
procedure Connect_Term (Term : Term_Id; 

Address ; System. Address ; 

Connec t_Al 1 : Boolean : = False) ; 

— An alternate version of Connect_Term uses the symbol map 

— string to derive the address. It works exactly like the straight 
-- addreee version, including its behavior for Term_ID arrays, 
procedure Connect jferm (Term : Term_Id; 

Symbol : String; 

Connect_All ; Boolean ; * False); 

— Use this routine when the Term_ID array maps to a set of Ada terms 

— that are not contiguous in memory in such a way that Connectjrerm 

— can simply calculate all of the appropriate addresses using the 

— first one. The array of addresses must be the same length as the 

— previously registered term array, 
procedure Connect_Term_Array 

(Term_Array ; Term_Id; Addresses : Address_Array) ; 

— Connecting a malfunction means supplying the addresses for the 
-- parameters associated with. the maif. These are the addresses of: 

— 1) the PI parameter. 
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2) the ?2 parameter, 

3) che discrete options parameter, and 

4) che mal function active : lag 

-- Vse che version of Connect.Ma I function call below which permits 
-- che use of symbols. An address or symbol must be supplied for 

the parameters chat apply co a particular rca- c uncc ion. For 

__ example, if there is a PI parameter but no P2 parameter associated 

with a malfunction, and a Connect call is made for that malfunction, 

-- there must be an address or symbol for the first element in the 
-- array and a Nuli_Address and null symbol string for the second 
-- element. In all cases, an address or symbol is required for the 
active flag. Connect.Error is raised if these rules are violated. 

type Mai f. Addressable is (Pl.Addr, P2_Addr, Options.Addr , Accive_Addr) ; 
type Mai f.Addr esses is array (Mai f .Addressable) of System. Address ; 

— This procedure is obsolete. Phase it out and 

— use the version below instead, 
procedure Co nnect_Mal function 

{The_Malf : Malfunctioned; Addresses : Mai f_Addresses) ; 

— You can connect any malfunction parameter using a symbol or 

— using an address. If you supply a symbol for a particular 

— parameter, you may not supply an address, and vice versa. 

— However, you may supply a symbol for one parameter and an 

— address for a different parameter, 
procedure Connect_Mal function 

(The.Malf : Malfunctioned; 

Active.Symbol : String := 

PI .Symbol : String := 99 ; 

P2_Symbol : String := ' ' ; 

Options.Symbol * String :s **; 

Acti ve.Address : System. Address ;= Nuil.Address; 
Pl_Address : System. Address := Nuil.Address; 

P2. Address : System. Address ;= Nuil.Address; 

Options .Address : System. Address ;= Null_Address) ; 

— This call is not very useful; it doesn't seem to save much 

— coding over the Connect_Mal function call, is probably error-prone, 

— and doesn't have the advantage of checking against data in the 

— symbol table. It may be phased out in the future, 
procedure Connect.Mal f .Array 

(The.Ma if .Array : Malfunctioned; 

Active .Addresses : Address .Array; 

Opt ions. Addresses ; Address.Array : = Null_Address.Array ; 
PI .Addresses : Address_Array : = Null. Addresser ray; 
P2.Addresses : Address.Array := Null .Address. Array) ; 

— Adds location information (node and process ID) 

— to dm Cosponenc identifier. 

procedure Connsct.Prefix (To.Comp : Component.Id; Prefix.Name ; String) 


— Constants and magic numbers. 

— The maximum String length for String.Tag'd Type.IDs . 
Max.String : constant : = 40; 

— The maximum number of component levels. 

Max.Levels : constant 7; 

— The maximum number of identifiers that can be registered 
-- per level . 

Max.Components : constant := 255; 


11-41 


OR5Q5NAL PAGE tS 
OF fOOR QUALITY 


Max ..Terms : constant : = 55 535 ; 

MaxJTypes : constant := 2 55 ; 

Max.Messages : conscanc : = 255; 

Max.Ma 1 functions : cons cant : = 255 ; 

-- The DI3 identifier 3c ring length constants. 

Each CIS idencifier can be represented in :wc ways: as a 
-- sc ring or as a sec of inceger values. The Register. functions 

— provide che integer-set version to the registering application. 

-- Each identifer type has a Convert function which cakes a String 

— value and produces an idencifier type value (the integer-set) . 

-- The Full .Marne function takes an idencifier value and produces a 
-- String value. Examples of identifier string formats are: 

— comp.id . comp_id . term_id 

— comp. id .comp_id{ 3 ) . cype.id 

— comp_id . comp.id . term.id ( Lef t.Engine) 

— comp.id . comp.id ( 2 ) .comp.id (NW) . t erm.id 

— comp.id .comp.id .comp.id .... msg_id 

Each Componenc.ID in the string can be up to Max_Comp_Name 
— characters long. Each of the other identifiers can be up to 
-- Max.ID.Name characters long. Subscripts can be as long as 

— Max. Label. Name characters. 

Max.Label.Name : constant := 30; — max length for label names 

— this includes enumeration labels, and subscript labels for 

— identifier arrays (component, term, and malfunction types) . 

Max.Comp.Name ; constant := 20; — max length for component id names 

Max.Id.Name : constant := 40; — max length for other id names 

Max.Mal f.Name : constant : = Max.Id.Name - 2; 

-- Register.Mal function tacks on a '_x' suffix to malf-related terms 
Max.Sub type .Name : constant := Max.Id.Name - 3; 

— Regiscer_Subtype tacks on a '_xx' suffix to the base type name 

Max_Ful l.Name : 'nstant := 

(Max.Levels) , (Max.Comp.Name + 1) + (Max.Label.Name >2)) * 
Max.Id.Name t> (Max.Label.Name ♦ 2) ; 

— Max length for fully qualified identifier names. 

— Leave enough room for max levels of components. Each 

— component can be Max.Comp.Name * 1 (for the period) plus 

— the Ha x.La be 1 .Name 2 (for the parentheses). And then 

— Max.ID.Name chars for the lowest level of identifier plus 

— Max.Label.Name +• 2 . 

— PacJu«pi jiavigatg is used by tools bhat need to traverse the 

— memo Ty-nmt dent DIS tree. 

package Navigate is 

— Get the head DIS handle. 

function Head return Component.Handle ; 

— Get che handles for the child lists, 
function Comp_Children (Comp : Component.Handle) 

return Component.Handle; 

function Type.Children (Comp : Component .Handle) return Type.Handle; 
function Term.Children (Comp : Component .Handle) return Term.Handle; 
function Msg.Children (Comp : Component .Handle) return Message.Handle; 
function Mai f.Children (Comp : Component .Handle) 

return Mai function.Handle; 


(simplest form) 

( i nde xed "by 1 . . Lengt h ) 

{indexed, user-def labels) 
mix 'n' match 'em) 

(up to Max.Level Component.IDs) 
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-- 3e c the *r.ex; * handle in list. "Next* loo<s at only the first 
-- handle of an ID array; "Next!* looks at all nar.dles. 
function Next (Comp : Component .Handle) return Component .Handle; 
function Nextl {Comp : Component .Handle) return Component .Handle; 
function Next (Typ : Type.Handle) return Type.Handle; 
function Next (Term : Term.Handle) return Term.Handle; 
function Nextl (Term : Term.Handle) return Term.Handle; 
function Next (Msg : Message .Handle ] return Message.Handle; 
function Next (MaLf : Mai funct ion.Handle) return Mai funccion.Handle ; 
function Nextl 'Malf : Mai f unc tion.Handle) return Mai funct ion.Handle ; 

-- Don't try to go past the end of a list, or you'll get the 
-- Null.Error. Compare handles returned from Navigate' s routines 

— to the Null_<ID.Type>_Handle constants declared at the top 

— of the DIS package spec. 

end Navigate; 
private 

— hidden from sight 
end Dis; 

Abstract: The DIS is used to create a set of logical names for 
off-line and inter-model data references. The DIS 
internal data-base can be loaded in one of two ways: 
through the elaboration of packages defining identifiers, 
or by loading a file which contains the previously- 
stored state of the DIS. The first method is for 
real-time models, the second is for off-line tools. 

Models connect their data variables to the DIS logical 
names with the 'Connect* routines. 

Warnings: Be sure to follow all the rules for DIS *_Defs* package 
creation. The DIS assigns identifier values In a strict 
order indepencent of the elaboration order of the .Defs 
packages; this scheme only works if the rules are followed. 
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8.5. SSTF.Defs 


with Dis, Std.Eng.Types , Scd.Sng.Uni cs : 
package Sscf.Defs is 

package Sec renames Std.Eng.Types ; 

— The cep- level 'Component .IDs * 


Robotics : conscanc Dis . Component.Id := 

Dis . Reg i seer _Componenc (Dis . Nul l_Component , 'Robocics*); 

Environment : conscanc Dis . Co mponenc.Id := 

Dis . Register.Componer.c (Dis . Nul 1 .Component , 'Environment'); 

Usad : constant Dis . Component.Id Dis . Regis ter.Component 

( Dis . Nul 1. Component , 'Distributed' ) 


Usav : constant Dis -Component _Xd := 

Dis . Reg is ter.Component (Dis . Nul 1 .Component , 
Obcs ; constant Dis . Component.Id :s 

Dis . Register .Component (Dis . Null .Component , 
Visual : constant Dis .Component_Id := 

Dis . Register.Component (Dis . Null_Component , 
Nts : constant Dis .Component .Id := 

Dis . Register.Component (Dis . Nul 1 .Component ( 
Rts : constant Dis .Component.Id := 

Dis .Register.Component (Dis .Null. Component, 
los : constant Dis . Component _Id := 

Dis . Register_Component (Dis .Null. Component , 
Ops.Tools : constant Dis .Component .Id := 

Dis . Regis ter_Component (Dis .Null .Component , 
Sac : constant Dis . Component.Id := 

Dis .Register.Component (Dis .Null .Component , 


•USAV*} ; 


•CSCS') ; 


'Visual') ; 

•ws m ) ; 

'RTS') ; 

•IOS*) ; 
'Ops.Tools') ; 
'SAC') ; 


— The top-level 'Type_ID«' (and type tags renamed from DIS) , 

package Bf is new Dis . Enum.Funct ions (Boolean) ; 

Boolean ; constant Dis.Type_Id 

Dis . "egister.Type (Dis .Null .Component , 'Boolean', D ’''um.Tag, 
Labels => Bf. Labels, 

Size => Bf .Size) ; 


Character ; conscanc Dis.Type.Id 

Dis .Regis ter_Type (Dis .Null .Component , 'Character*, Dis .Character.Tag, 
Low.Bound => (1 - > Ascii. Nul), — ascii 0 
High.Bound => (1 => Ascii. Del)); — ascii 127 


Graphic .Character : constant Dis.Type.Id 

Dis -Register .Subtype (Dis .Null. Component , 

----- Base => Character, 

• Name => 'Graphic.Character ' , 

Low_Bound => ' ' , — blank 

High.Bound => ' - ' ) ; — tilde 

— Logical types for the Fortran guys; use the Boolean labels. 


Logical.l ; constant 
Dis .Regis ter .Type 


Logical_2 : constant 
Dis .Regis ter .Type 


Logical_4 : constant 


Dis.Type.Id : = 

(Dis .Null. Component , 'Logical.l', 
Labels => Bf.Lacels, 

Size => 8) ; 

Dis.Type.Id : - 

(Dis .Null .Component , 'Logical.2*, 
Labels -> Bf. Labels, 

Size -> 16) ; 

Dis.Type.Id : = 


Dis .Enum.Tag, 


Dis. Enum.Tag , 


Dis . Regis' er.Type (Dis .Nul I .Component , "Logical .4 * , Dis . Enum.Tag, 

Labels => Bf. Labels, 

31 ze j => 32); 

-- Standard Engineering Types 

Inceger.3 : constant Dis.Type.Id := 

Lis . Reg: ster.Type 'Dis .Null. Component , 'Inceger.8', Dis . 3yte_Tag) ; 

Natural .8 : constant Dis.Type_Id := 

Dis .Regi ster.Type 'Dis .Null .Component, " Natural .3 ' , Dis . Byte.Tag, 
Low.Bound => "O') ; 

Positive. 9 : constant Dis.Type_Id := 

Dis .Regi ster.Type (Dis . Nul 1 .Component , * Positive .0 ' , Dis . ByteJTag , 

Low_Bound => '1'); 

Inceger_l6 : constant Dis.Type.Id := 

Dis . Register_Type (Dis . Nul l_Component , ' Inceger_16' , Dis . Short_Tag) ; 

Natural_16 : constant Dis.Type.Id 

Dis . Register_Type ( Dis . Null .Component , 'Natural_16 • , Dis .Short .Tag, 
Low.Bound => '0'); 

Positive.16 : constant Dis.Type.Id := 

Dis . Regis ter .Type (Dis . Nul l.Component , 'Positive .16 ' , Dis .Short.Tag, 
Low.Bound => * 1 ' ) ; 

lnteger_32 : constant Dis.Type.Id := 

Dis . Regis ter. Type (Dis . Nul 1 .Component , ■ Integer.32 ' , Dis . Integer.Tag) ; 

Natural_32 : constant Dis.Type.Id : =• 

Dis . Regis ter. Type (Dis . Null. Component , 'Natural.32 * , Dis . Integer.Tag, 
Low.Bound => '0') ; 

Posi ti ve_32 : constant Dis.Type.Id := 

Dis . Regis ter.Type (Dis .Nul 1 .Component , 'Positive_32', Dis . Integer.Tag, 
Low.Bound => '!*) ; 

Real_6 : constant Dis.Type.Id := 

Di s . Regi ster. Type (Dis , Null .Component , 'Real_6', Dis . Float.Tag) ; 

Real.15 ; constant Dis.Type.Id :r 

Dis .Regis ter .Type (Dis .Nul l.Coirponent , 'Real.15', Dis .Double.Tag) ; 

-- other types from SET 

package Af is new Dis . Enum.Funct ions (Sec . Active.Inactive) ; 

Active.Inact i ve ; constant Dis.Type.Id := 

Dis .Regi ster.Type (Dis .Null. Component , ' Act ive .Inactive' , Dis . Enum.Tag, 

Labels => Af. Labels, 

Size => Af .Size) ; 

package Aat is new Dis . Enum.Funct ions (Set . Actual.Sensed) ; 

ActualjS*I*B*d : constant Dis.Type.Id : = 

Dis .Regis ter.Type (Dis .Null .Component , 'Actual.Sensed', Dis .Enum.Tag, 

— Labels => Ast. Labels, 

Size => Ast .Size) ; 

package Aut is new Dis . Enum.Funct ions ( Set . At tached.Unat cached) ; 

At cached .Unat cached : constant Dis.Type.Id := 

Dis . Regi ster.Type (Dis . Nul 1 .Component , 

'Attached .Unattached' , Dis . Enum.Tag, 

Labels => Aut. Labels, 

Size => Aut .Size) ; 

package Avf is new Dis . Enum.Funct ions ( Set . Available.Unavailable) ; 

Availabile.Unavailable : constant Dis.Type.Id := 

Dis .Regis ter .Type (Dis .Null .Component , 

•Availabile.Unavailable' , Dis .Enum.Tag, 
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Lacels = > Avf. Labels, 

Size => Av: .Size) ; 

package 3zf is new Dis . Enum_Funcc ions ' Sec . 3usy_Noc_3usy) ; 

3usy_Noc_Susy : conscanc Dis.Type_Id : - 

Dis . Regi seer JType (Dis .Null jDcmponenc , *Busy_Noc_3usy* , Dis . EnumJTag, 
Labels => 3zf. Labels, 

Size -> Bz Size); 

package Zncz is new Dis . Enum_Func cions (Sec . CIosed_Noc_Closed) ; 

Closed_Noc_CIosed : constanc Dis.Type_Id := 

Dis . Register JType (Dis . Null ^Component , *Closed_Not_Closed* , Dis . EnumJTag, 
Labels => Cncc. Labels, 

Size -> Cncc .Size) ; 

package Unc is new Dis . Enum_Func cions (Sec .Connecced_Unconnecced) ; 

Co nr.ec ced_Unconnec ced : conscanc Dis.Type_Id : = 

D: 3 .RegiscerJType (Dis . Nul l_Component , 

'Connec-. -d ^Unconnected* , Dis . EnumJTag, 

Labels nc. Labels, 

Size = .Size) ; 

package Cf is new Dis.Enum_F’ cions (Sec . Complece_Incomplete) ; 

Complece_I ncomplece : conscanc Dis.Type_Id := 

Dis. Reg i s te r JType 

{Dis . Nul l_Componenc , *Complece_Incomplece* , Dis . EnumJTag, 

Labels -> Cf. Labels, 

Size => Cf .Size) ; 

package Ef is new Dis . Enum_Funct ions (Set . Ernpty_Nbc jEmpty) / 

Empcy_Noc_Empcy ; conscanc Dis.Type_Id :a 

Dis .RegiscerJType (Dis .Null jComponenc , *Empty_Not_Empty*, Dis .EnumJTag, 
Labels => Ef, Labels, 

Size => Ef .Size) ; 

package Enc is new Dis . Enum_Func cions (Sec . Enabled_Disabled) ; 

Enabled ^Disabled : conscanc Dis.Type_Id : = 

Dis . RegiscerJType (Dis . Null jComponenc , *Enabled_Disabled* , Dis . EnumJTag, 
Labels => Enc. Labels, 

Size => Enc .Size) ; 

package Gnf is new Dis . Snum_Func Cions (Sec .Go_No_Go) ; 

Go _No _Go : conscanc Dis.Type_Id 

Dis .Register JType (Dis .Null ^Component , *Go_No_Go # , Dis . EnumJTag, 

Labels => Gnf. Labels, 

Size => Gnf. Size); 

package is new Dis . Enum_Func cions (Sec . InJTune_Not _InJTune) ; 

I n JTune sJTunrf : conscanc Dis.Type_Id : = 

Dis. Register _Type 

(Dis.llttIl_Cofflponenc, *In_Tune_Noc _In_Tune* , Dis . EnumJTag, 

Labels => Tf. Labels, 

Size => Tf .Size) ; 

package loc is new Dis . Enum_Func cions (Sec . Inpuc_Output ) ; 

Inpuc_Oucpuc : conscanc Dis.Type_Id := 

Dis .Regiscer JType (Dis . Null jDomponenc , *Inpuc_Output*, Dis .EnumJTag, 
Labels => lot. Labels, 

Size => loc .Size) ; 

package Inc is new Dis . Enum_Func cions (Set . Ios_Nominal ) ; 

Ios_Nominal : conscanc Dis.Type_Id := 

Dis .RegisCer_Type (Dis .Null_Componenc , *Ios_Nominal # , Dis . EnumJTag, 
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La cels => I nc - Labe. s , 

Size => Inc .Size: ; 

ackage Cnf is new Dis . Enum_?unc cions • Sec .On.ot * ; 

djji i : constant Dis.Type.Id : = 

- 13 Regis ter .Type (Dis . Null .Component , * On.C it* , Dis . Sr.um.Tag, 

Labels => Gnf. Labels, 

Size => Onf .Size) ; 

ac:<a?e Cpf is new Lis . Enum.Funccions ( Sec . Qpen.Closed) ; 

per..Clcsed : conscanc Dis.Type.Id : = 

Dis . Regis ter. Type ( Dis . Null. Component , *Oper._Closed* , Dis . EnumJTag, 
Labels => Op f. Labels, 

Size => Cpf .Size) ? 

package One is new Dis . Enum.Funccions (Sec . Open_Noc_Open) ; 

Open_Noc_Open : conscanc Dis.Type_Id := 

Dis .Regiscer_Type (Dis . Null_ComponenC , *Open_Noc_Open*, Dis . EnumJTag, 
Labels = > One. Labels, 

Size => One .Size) ; 

package Ovc is new Dis . Enum_Funcc ions (Sec .Override_Not_Override) : 

Over ride_Noc_Over ride : conscanc Dis.Type_Id := 

Dis . Register.Type (Dis .Null .Component , . .. 

* Over ride.Not .Override* , Dis . Enum.Tag, 

Labels = > Ovc. Labels, 

Size => Ovc .Size) ; 

package Pdf is new Dis. Enum.Func cions { Sec . Pend ing.Not. Pending) ; 

Pendi ng_No c .Pending : conscanc Dis.Type.Id • - 
Dis . Register JType (Dis .Null .Component , 

•Pend ing.Not .Pending* , Dis .EnumJTag, 

Labels => Pdf. Labels, 

Size => Pdf .Size) ; 

package Pf is new Dis . Enum_Func cions (Sec . Present.Absent) ; 

Presenc _Absenc : conscanc Dis. Type. Id := 

Dis . Regiscer_Type (Dis .Null_ComponenC , *Present_Absent*. Dis . Enum_Tag, 
Labels => Pf. Labels, 

Size => Pf .Size) ; 

package Rsc is new Dis .Enum.Funccions (Sec .Resec_Noc_Resec) ; 

Resec _Noc_Resec : conscanc Dis. Type _Id := 

Dis .Regiscer JType (Dis .Null .ComponenC , *ReseC_Noc_Re ef, Dis. EnumJTag 
Labels -> Rst. Labels, 

Size => RsC.Size); 

package Rf in new Dis . Enum_Func cions ( Sec . Right.Wrong) ; 

Right .WroiiQ : conscanc Dis.Type.Id := 

Dis.TUgtiterJTyP® (Dis .Null .Component , -Right.Wrong*, Dis .EnumJTag, 
Labels => Rf. Labels, 

— - - Size => Rf .Size) ; 

package SbC is new Dis . Enum.Funct ions (Sec .Scale.Bias) ; 

Scale.Bias : conscanc Dis.Type.Id : = 

Dis . Register _Type (Dis .Null .Component , -Scale.Bias*, Dis . Enum_ ag, 
Labels => Sbc . Labels, 

Size => Sbc .Size) ; 

package Syc is new Dis . Enum.Funct ions ( Set . Sync .Not.Sync) , 

Sync _No c _S ync : conscanc Dis.Type_Id 

Dis. Reg i s c e r _Type (Dis .Null .Component , * Sync _Noc_ Sync * , Dis . EnumJTag, 

Labels => Syc. Labels, 

Size => Syc .Size) ; 
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ca : cage Jit is new Dis. Er.um_Fur.c 112 ns ; Sec . Unlocked 
■Jnioc ked_loc ked : no ns cane Dis.Type_1d : = 

Dis. Register JType (Dis . Nul l_Co mpe nenc , ' U nl oc ked 
Labels => Ult. Labels, 

Size => Lie .Size: ; 

— Sc ring c ype s 

Assess : ccr.sc a nc Dis. Type_Id : = 

Dis . Register JType 

(Dis . Null jDompo nenc, 'Assets*, Dis .StringJTag, Size => 12); 

Nodes : constant Dis.Type_Id := 

Dis . Register_Type 

(Dis . Null JDompo nent , 'Nodes', Dis . St ring JTag, Size => 12); 

Sessions : constant Dis.Type_Id ;s 
Dis . Register JType 

(Dis .Null JDompo nent, 'Sessions', Dis . StringJTag, Size => 12); 

-- Standard Engineering' Units 

-- Mostly consists of 'renames' of earlier Type_IDs . Note that the 
-- string displayed for such renamed entities is the name given for 

— the original type identifier, which is not the same as the Ada 

— name below. 

Time types 

Seconds : constant Dis.Type_Id := 

Dis .Register JType (Dis .Null Component , 'Seconds', Dis . FloatJTag) ; 
Microseconds : constant Dis.Type_Id :s 

Dis . Register JType ( Dis . Nul ^Component , 'Microseconds', Dis .FloatJTag) ; 
Milliseconds : constant Dis.Type__Id : = 

Dis . Register JType (Dis .Null ^Component, 'Milliseconds', Dis . FloatJTag} ; 
Minutes : constant Dis.Type_Id ; = 

Dis .Register_Type (Dis . Null jTornpo nent , 'Minutes', Dis . Float JTag) ; 

Hours : constant Dis.Type_Id := 

Dis . Register JType (Dis .Nul 1 .Component , 'Hours', Dis .Float JTag) ; 

Days ; constant Dis.Type„Id := 

Dis .Regis ter JType (Dis .Null ^Component , 'Days', Dis .FloatJTag) ; 

Days_Dp : constant Dis.Type_Id 

Dis .Register JType (Dis .Nul l_Componenc , 'Days_DP', Dis .DoubleJTag) ; 

Physical types (are you the ... ?} 

Meters s constant Dis.Type_Xd := 

Dis . Register JTypa (Dis .Null ^Component , 'Meters', Dis .FloatJTag) ; 
MetersJJp : constant Dis.Type_Id : = 

Dis. Register JType (Dis .Null .Component , 'Meters JDP', Dis .Double JTag) ; 
Square Jtoters : constant Dis.Type_Id : = 

Dis . RegistexjType (Dis .Null .Component , 'Square_Mecers' , Dis . Float JTag) ; 
Cubic_Meters : constant Dis.Type_Id := 

Dis .Regis ter JType (Dis .Nul l_Component , 'Cubic_Meters', Dis . Float JTag) ; 
Meters_Per_Second ; constant Dis.Type_Id ;= 

Dis .Regis ter_Type (Dis .Null ^Component , 

'Meters_Per_Second' , Dis . FloatJTag) ; 
Meters_Per_Second_Dp ; constant Dis.Type_Id ;= 

Dis . Regis ter JType (Dis.Null_Component, 

'Meters_Per_Second_DP' , Dis .DoubleJTag) ; 

Meters_Per jSecondjSquared ; constant Dis.Type_Id := 

Dis . Regis ter JType (Dis . Nul l_Compo nenc , 

'Meters_PerjSecondjSquared' , Dis . FloatJTag) ; 


...Locked) ; 

_Loc;<ed', Els. Er.uT._Tag , 
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Meiers _?er .Second .Squared.Cp : conszar.: 3 : s . Type.Id : - 
Sis . Register _7ype (Dis . Nul 1 .Component , 

* Meiers Fer Second. Squared. Dr * , Dis .Double.Tag ) ; 

■ — 

Reciprocal .Meters : constant Dis .Type.Id : = 

Drs . Reg is ter .Type (Dis .Null .Component, 

"Rec iprocal _Meie rs * , Dis . Float .Tag] ; 

Xi 1 igrams : cir.s: anc Dis.Type.id : = 

Dis. Reg i s i e r .Type (Dis . Null ..Component , 'Kilograms', Dis . Float.Tag; ; 

K i i og r a ms.Xe 1 vi r. : constant Dis.Type.id : = 

Dis . Regi s ter.Type (Dis . Nul l.Componenc , 

'Ki lograms.Kelvin' , Dis . Float.Tag) ; 

Ki Lograms.Square.Mecer : conscanc Dis.Type.id : = 

Dis .Register JType (Dis . Nul l.Componenc , 

*Ki lograms.Square.Meter' , Dis . Float.Tag) ; 

Kilograms .Per.Cubic.Mecer : conscanc Dis.Type.id := 

Dis . Regiscer_Type (Dis . Nul l.Componenc , 

'Kilograms _Per_Cubic.Meter' , Dis . Float.Tag) ; 

KiIograms_Per.Cubic_Meter.Dp : conscanc Dis.Type_Id := 

Dis . Regis ter.Type (Dis . Nul l.Componenc , 

'Kilograms.Per_Cubic_Meter.DP' , Dis .Double.Tag) ; 

Cubic.Meters.Per.Kilogram .? conscanc Dis.Type.id : = 

Dis .Regiscer_Type (Dis . Null_ComponenC , 

•Cubic.Meters.Per.Ki logram' , Dis . Float.Tag) ; 

Joules : conscanc Dis.Type.id := 

Dis . RegisCer_Type (Dis . Nul l.Componenc , 'Joules', Dis . Floac_Tag) ; 

Joules.Per .Kelvin : conscanc Dis.Type_Id := 

Dis . Register.Type (Dis . Null .Component , 

' Joules.Per.Kel vin' , Dis . Float.Tag) ; 

Joules .Per.Kilogram.Kel vin : conscanc Dis.Type.id : = 

Dis .Regiscer_Type (Dis .Null .Component , 

'Joules_Per_Kilogram_Kelvin' , Dis . Float.Tag) ; 

Moles : conscanc Dis.Type_Id : = 

Di s . Reg i seer _Type ( Dis .Null .Component , 'Moles', Dis . Float.Tag) ; 

Moles.Per.Cubic.Meter : conscant Dis.Type.id := 

Dis . Regiscer JType (Dis .Nul l.Componenc , 

'Moles.Per.Cubic.Meter', Dis . Float.Tag) ; 

Newcons : conscant Dis.Type.id := 

Dis .Register JType (Dis .Null_Componene , 'Newtons', Dis . FloacJTag) ; 

Newtons.Dp : constanC Dis.Type_Id := 

Dis . Regiscer_Type (Dis .Null.Component , 'Newtons.DP', Dis . DoubleJTag) ; 

Newton_Mecers : constant Dis.Type_Id := 

Dis . Regiscer JType (Dis . Null.Component , 'Newton.Meters' , Dis . Float JTag) ; 

Newt on.Me ter s_Pp : constant Dis.Type_Id : = 

Dis .Jtogi stsr_Typ« (Dis.Null_Component, 

^ 'Newton.Meters.DP' , Dis.Double.Tag); 

Newt orvj^ttsrsjis ter : constant Dis.Type_Id : = 

Dis.Jto^i*tsr_Type (Dis . Null .Component, 

'Newtons.Square.Meter*, Dis . Float.Tag) ; 

Newtons. Per. Meter : constant Dis.Type.id : s 
Dis . Regis ter.Type (Dis . Null .Component , 

'Newtons .Per .Meter' , Dis . Float.Tag) ; 

Pascals : conscanc Dis.Type.id := 

Dis . Regiscer .Type (Dis . Nul l.Componenc r 'Pascals', Dis .Float.Tag) ; 

Pascal s.Per .Second : conscant Dis.Type.id := 

Dis . Regiscer.Type (Dis .Null .Component , 

' Pascals.Per.Second' , Dis . Float.Tag) ? 

Degrees : constant Dis.Type.id ;= 

Dis . Regiscer.Type (Dis .Nul l.Componenc , 'Degrees', Dis. Float.Tag) ; 
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Cegrees.Dp : constant Dis. Type. Id : = 

Dis . Reg: scer.Tyre ;D:s . Nul i.Cornccr.en:: , 'Degrees.DF' , pis.Double.Tag:; 

Degrees.Per .Second : constant Dis.Type.Id : = 

Pis . Reg: ster.Type [Dis . Null _lo mpc r.en c , 

* Degrees _?er_Sec ; r.d" , Dis . F 1 oat .Tag) ; 

Degrees_?er_5eccnd.Dp : constant Dis.Type.Id : ^ 

Dis. Reg: s cer .Type ( Dis . Nu 1 1 _Co mpc rent , 

•Degrees _Per_Second_D?' , Dis . Double.Tag) ; 

Degrees .rer.Ceccnc.Squared : constant Dis. Type.I d := 

Dis . Register.Type (Dis ul I .Component , 

*D«- . -ees.Per.Second.Squared' , Dis . Float.Tag) ; 

Degrees _Pe r_5econd.3quared.Dp : constant Dis.Type.Id ; = 

Dis . Register.Type {Dis . Nul 1 .Component , 

•Degrees_Per.5econd_Squared.DP', Dis . Double.Tag) ; 

Radians : constant Dis.Type_Id := 

Dis . Register_Type {Di s . Nul l.Component , 'Radians', Dis . Float .Tag) ; 

Radians_Dp : constant Dis . Type. Id : = 

Dis . Register.Type , Dis . Nul l.Component , "Radians _DP', Dis .Double.Tag) ; 

Radians_Per_Second : constant Dis.Type.Id :s 
Dis . Register_Type (Dis . Nul l.Compo cent, 

•Radi a ns .Per .Second' , Dis . Float.Tag) ; 

Radians.Per.Second.Dp : constant Dis.Type.Id := 

Dis . Register.Type (Dis . v * -1 ^Component , 

'Rad, ans.Per.Second.DP' , Dis .Double.Tag) ; 

Radians.Per.Second.Squared : constant Dis.Type_Id := 

Dis .Register.Type (Dis .Nul l.Component , 

•Radians.Per.Second.Squared' , Dis . Float.Tag) ; 

Radians_Per.Second_Squared_Dp : constant Dis.Type.Id := 

Dis . Register.Type (Dis . Nul l.Component , 

'Radians_Per_Second_Squared_DP # , Dis .Double.Tag) ; 

Steradians ; constant Dis.Type.Id := 

Dis . Regis ter.Type (Dis .Nul l.Component , 'Steradians', Dis -Float.Tag) ; 

Steradians _Per_Second : constant Dis.Type.Id :a 
Dis . Register_Type (Dis .Nul l.Component, 

'Steradians.Per.Second' , Dis . Float.Tag) ; 

Steradians.Per.Second.Squared : constant Dis.Type.Id := 

Dis . Register_Type (Dis .Nul l.Component , 

'Steradians.Fer.Sec- - i .Squared', Dis .Float.Tag) ; 

Watts : constant Dis.Tyr-.ld : = 

Dis . Register_Type (D >■ . Null_Component , r itts', Dis -Float.Tag) ; 

Kilowatts : constant D: Vpe.Id : = 

Dis . Register.Type { 1 Rul l.Component, 'Kilowatts', Dis . Float.Tag) ; 

Watts.Per.Square.Meter instant Dis.Type.Id := 

Dis .Register.Type (D.s .Nul l.Component , 

'Watts.Per.Square.Meter ' , Di9 . Float .Tag) ; 

Wat ts.PerjSte radian : constant Dis.Type.Id := 

Dis . r JTy^e (Dis .Null .Component , 

" w ^?- 'Watts.Per.Steradian' , Dis . Float.Tag) ; 

Watts.Per_Pquere_)feter_Steradian : constant Dis.Type.Id := 

Dis .Register .Type (Dis .Null. Component , 

'Watts. Per.Square.Meter.Steradian' , Dis . Float.Tag) ; 




English types 


Inches : constant Dis.Tyre.Id := 

Dis . Regis ter .Type (Di . -all .Component , 
Inches. Dp : constant Dis pe.Id :s 

Dis .Regis ter .Type (Dis .Null .Component , 
Square.Inches : constant Dis.Type.Id :s 
Dis . Regis ter. Type (Dis . Null .Component , 
Cubic.Inches : constant Dis.Type.Id :s 
Dis . Reg is ter .Type (Dis .Null.Component , 


'Inches', Dia .Float.Tag) ; 
'Inches.DP', Dis .Double.Tag) ; 
•Square.Inches', Dis . Float.Tag) ? 
'Cubic.Inches', Dis . Float.Tag) ? 
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Feet * , Dis . Float.Tag) ; 


Feet: : cons:a r.t Dis.Type.Id : = 

Dis .Register.Type : Dis . Nui l.Component , ' 


Feet.Dp : constant Ois . Type .Id : = # 

Ois . Register.Type [Ois . Nui L.Component , 
3~ua rejeec : conscanc Dis .Type.Id : = 

Ois. Regi ster_Type [Dis . Nui i .Component , 
Square.Feet.Dp : constant Dis.Type.Id := 
Ois . Regis ter.Type ; Ois . Nui l.Component , 
Cubic.Feet : constant Dis.Type.Id : = 

Dis . Register.Type [Dis . Nui l.Component , 


'Feec.OP* , Di s . Double.Tag; ; 
'Square.Feet * , Dis . Float .Tag) ; 
'Square.Feec.DP*, Dis . Double.Tag) 
'Cubic.Feet * , Dis . Floac_Tag} ; 


Cubic .Feet.Dp : constant Dis.Type.Id := 

Dis . Register.Type • Dis. Nui l.Component, 'Cubic.Feet.DP' , Dis . Double.Tag] ; 
Feet .Per .Second : constant Dis.Type.Id : = 

Dis . Register_Type [Dis . Nui l.Component ( 'Feet.Per.Second' f Dis . Float.Tag) 
Feet _Fe r _S ec o nd_Dp : constant Dis.Type.Id 
Dis . Register.Type ( Dis . Nui l.Component , 

•Feet.Per_Second.DP', Dis . Double.Tag) ; 
Feet.Per.Second.Squared : constant Dis.Type.Id := 

Dis . Regis ter.Type [Dis . Nui L .Component , 

'Feet.Per.Second.Squared' , Dis . Float.Tag) ; 

Feet .Per.Seco nd.Squa red.Dp • constant Dis. Type. Id i- 
Dis . Regis ter.Type (Dis . Null. Component , 

* Feet .Per _Second.Squared.DP* , Dis .Double.Tag) ; 


Miles : constant Dis.Type.Id := 

Dis . Register.Type (Dis . Null .Component , 'Miles*, Dis . Float.Tag) ; 
Miles.Per.Hour : constant Dis.Type.Id := 

Dis . Register.Type [Dis . Nui 1. Component , 'Miles.Per.Hour*, Dia .Float.Tag) 
Nautical .Miles : constant Dis.Type.Id : = 

Dis . Register.Type (Dis .Nui lj Component , 'Nautical.Miles* , Dis . Float.Tag) 
Nautical.Miles_Per.Hour : constant Dis.Type.Id := 

Dis . Register.Type (Dis . Nui 1. Component , 

'Naut ical^Ki les.Per.Hour* , Dis. Float.Tag) ; 


Gallons : constant Dis.Type.Id : = 

Di s . Register.Type (Dis . Null. Component , 'Gallons', Dis. Float.Tag) ; 
Gallons.Per. Second : constant Dis.Type.Id ;= 

Dis . Register.Type (Dis . Null .Component , 

' Gallons.Per. Sec o nd ' , Dis . Float.Tag) ; 

Quarts : constant Dis.Type.Id : = 

Dis .Register.Type (Dis . Nui l.Component , 'Quarts', Dis .Float.Tag) ; 

Pounds.Mass : constant Dis.Type.Id := 

Dis .Register.Type (Dis . Nui l.Component , 'Pounds.Mass', Dis .Float.Tag) ; 
Pounds.Mass.Per.Second s constant Dis.Type.Id := 

Dis .Register.Type (Dis .Nui l.Component", 

'Pounds.Mass.Per.Second', Dis .Float.Tag) ; 

Slugs : co nstant Dis.Type.Id j = 

D 1 1 . Rtoi JTyfit (Dis .Nui l.Component , 'Slugs', Dis . Float.Tag) ; 
SlugsJ3£ * Constant Dis.Type.Id : = 

Dis .l|*qrji»ber .Type (Dis . Nui l.Component , 'Slugs.DP', Dis .Double.Tag) ; 
Tons : conscanc Dis.Type.Id : = 

Dis .Register.Type (Dis .Nui l.Component , 'Tons', Dis . Float.Tag) ; 

Pounds.Mass_Per_Cubic.Inch : constant Dis.Type.Id : = 

Dis . Register.Type (Dis . Nui l.Component , 

'Pounds.Mass_Per_Cubic.Inch*, Dis .Float.Tag) ; 
Pounds_Mass.Per_Cubic.Foot : constant Dis.Type.Id :* 

Dis . Register.Type (Dis .Nui l.Component , 

'Pounds .Mass. Per .Cubic. Foot*, Dis .Float.Tag) ; 
Pounds_Mass.Per_Cubic.Foot.Dp : constant Dis.Type.Id :» 

Dis . Register.Type (Dis .Nui l.Component , 

'Pounds.Mass_Per_Cubic_Foot.DP*, Dis .Double.Tag) ; 
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Pounds .Mass .Square .7 :oc ; :-:r.s:ar.c Dis.Type.Id ; = 

Dis . Regi ster.Type (Dis . Nul 1 .Component , 

* Pounds .Mas s _3qua r e_7oc c * , Dis . r 1 oac.Tag) ; 

31ugs_Square_?ooc ; constant Dis.Type.Id : = 

Dis . Regi ster.Type ;Dis . Nul l_Co.Tipor.enc , 

*51 ugs .Square .Foot * , Dis . 7 1 oat.Tag) ; 

51ugs.5quare_Fooc.Dp : conscanc Dis.Type.Id : = 

Dis . Regi ster.Type 'Dis . Null .Component , 

•Siugs.Square.Fooc.DP* , Di s . Double.Tag) ; 

Pounas.Fcrce : constant Dis.Type.Id : = 

Dis . Register .Type ' Dis . Nul l.Component , 'Founds.Force* , Dis . Float.Tag) ; 

Pounds .Force.Dp : conscanc Dis.Type.Id := 

Dis . Reg i seer .Type {Dis . Nul l_Componenc , 

•Pounds.Force.DP* , Dis . Double .Tag) ; 

Bcus : conscanc Dis.Type.Id : = 

Dis . Register JType { Dis . Nul l.Component , *BTUs*, Dis . FloacJTag) ; 

Btus.Per.Seccnd : conscanc Dis.Type.Id := 

Dis .Regi ster.Type (Dis . Nul l.Component , * BTUs .Per .Second * , Dis . Float.Tag) 

BCus.Per.Square.Fooc : conscanc Dis.Type.Id : = 

Dis . Regis cer.Type (Dis .Null.Component, 

•BTUs.Per.Square.Foot*, Dis . Float.Tag) ; 

Btus.Per.Square.Fooc.Dp : conscanc Dis.Type.Id := 

Dis . Regi seer. Type (Dis . Nul 1. Component , 

*BTUs_Per.Square_Foot_DP* , Dis . Double.Tag) ; 

Btus.Per.Square.Fooc.Per.Second : constant Dis.Type.Id ;= 

Dis . Regis cer.Type (Dis .Null .Component , 

* BTUs .Per .Square.Foot.Per.Second* , Dis .Float.Tag} ; 

Btus.Per_Square_Foot.Per.Second.Dp : constant Dis.Type.Id := 

Dis . Regi ster.Type (Dis .Null .Component , 

•BTUs_Per.Square.Foot_Per.Second.Dp* , Dis . Double.Tag) 

Calories : constant Dis.Type.Id := 

Dis . Regi ster.Type (Dis .Null. Component , 'Calories*, Dis . Float.Tag) ; 

Calories.Per.Second : constant Dis.Type.Id 
Dis .Regi ster.Type (Dis .Nul 1 .Component , 

•Calories.Per.Second*, Dis . Float.Tag) ; 

Foot.Pounds.Force : constant Dis.Type.Id := 

Dis . Regi ster.Type (Dis . Null .Component , 

•Foot.Pounds.Force*, Dis . FloacJTag) ; 

Fooc.Pounds.Force_Dp : constant Dis.Type.Id := 

Dis . Regi ster.Type (Dis .Nul 1. Component , 

•Foot.Pounds.Force.DP* , Dis .Double.Tag) ; 

Foot.Pounds.Force.Seconds : constant Dis.Type.Id := 

Dis .Regi ster.Type ( Dis .Null.Component , 

•Foot.Pounds.Force.Seconds* , Dis . Float.Tag) ,■ 

Fooc_Pouads_Force.Seconds.Dp : constant Dis.Type.Id := 

Dis .Reji ster.Type (Dis .Null.Component , 

•Foot_Pounds_Force.Seconds.DP* , Dis . Double.Tag) ; 

Horsepower i conetant Dis.Type.Id : = 

Dis .Regi ster.Type (Dis .Null .Component , 'Horsepower*, Dis. Float.Tag) ; 

Atmospheres : constant Dis.Type.Id := 

Dis . Regi ster.Type (Dis . Null.Component , 'Atmospheres* , Dis. Float.Tag) ; 

Ac mo spheres .Per.Secdnd t conscanc Dis.Type.Id := 

Dis . Regi ster.Type (Dis .Null.Component , 

•Atmospheres.Per.Second* , Dis . Float.Tag) ; 

Inches .Mercury : constant Dis.Type.Id := 

Dis .Regi ster.Type (Dis .Null.Component , 'Inches.Mercury* , Dis . Float.Tag) ; 

Psi : constant Dis.Type.Id := Dis . Regi ster.Type 

(Dis .Null.Component, *PSI*, Dis . Float.Tag) 

Pounds_Force.Per_3quare.Foot : constant Dis.Type.Id := 

Dis .Reg is cer.Type (Dis .Null.Component , 
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0 Pounds.Force.rer .Square .Foot * , Sis . ? loat.Tag, ; 
Pounds _Fc rce.Per.Square.Foot.Dp : conscanc Dis . Type .Id : - 
2 is . Register.Type (Dis . Nul I. Component , 

' ? o 'jnds _?o r c e_?e r q ua re oo : P * , Dis . Doubxe.Tag) ; 


"'emperafire cypes 

Kelvin : constant Dis.Type.Id : = 

Cis . Register.Type (Dis . Null .Component , 'Kelvin*, Dis . Float.Tag) ; 

Celsius : :or.s:an: Dis.Type.Id : = 

Dis . Register.Type (Dis .Null .Component , 'Celsius', Dis - Float.Tag) ; 

Fahrenheit: : constant Dis.Type.Id : = 

Dis . Register.Type (Dis . NuLl.Component , 'Fahrenheit', Dis . Float.Tag) ; 

Rankine : constant Dis.Type.Id : = 

Di s . Register.Type (Dis .Null .Component , 'Rankine', Dis . Float_Tag) ; 

Luminance types 

Candelas : constant Dis.Type.Id : = 

Dis . Register_Type (Dis .Null.Component , 'Candelas', Dis . Float.Tag) ; 

Candelas.Per.Me ter. Squared : constant Dis.Type_Id : = 

Dis . Register.Type (Dis . Null.Component , 

•Candelas.Per.Meter.Squared' , Dis . Float.Tag) ; 

Lumens : constant Dis.Type.Id := 

Dis . Regi scer.Type (Dis . Nul l.Component , 'Lumens', Dis . FloatJTag} ; 

Lux : constant Dis.Type.Id := Dis . Register .Type 

( Dis . Null.Component , 'Lux', Dis . FloatJTag) ; 

Radiance : constant Dis.Type.Id := 

Dis .Regis ter_Type (Dis . Null .Component , 'Radiance', Dis . FloatJTag) ; 

Radiant_Intensi ty : constant Dis.Type.Id := 

Dis . Register_Type (Dis . Null.Component , 

'Radiant_Intensi ty' , Dis . FloatJTag) ; 


Electromagnetic types 


Amps : constant Dis.Type_Id 

Dis. Register.Type (Dis .Null.Component , 'Amps', Dis . FloatJTag) ; 

Amps. Per.3quare.Me ter : constant Dis .Type. j.d : = 

Dis .Register_Type (Dis .Null .Component , 

•Amps.Per.Square.Meter', Dis . FloatJTag) ; 

Amps.Per .Meter : constant Dis.Type.Id : = 

Dis. Reg i s t e r .Type (Dis . Null. Component , 'Amps. Per. Me ter' , Dis . Float.Tag) ; 
Columbs : constant Dis.Type.Id := 

Dis . Reg is ter .Type (Dis .Null. Component , 'Columbs', Dis .Float.Tag) ; 


Frequency : constant Dis.Type.Id := 

Dis . Register.Type (Dis .Nul 1 .Component , 
Frequency _Pp : constant Dis.Type.Id : = 

Dis . Register. Type (Dis. Null .Component, 
Farad# constant Dis.Type.Id : = 

Dis. Register. Type (Dis .Null. Component , 
Henries 5 constant Dis.Type.Id :s 

Dis .Register.Type (Dis .Null .Component , 
Hertz : constant Dis.Type.Id := 

Dis . Register.Type (Dis .Null .Component, 
Impedeance : constant Dis.Type.Id :s 

Dis .Register.Type (Dis .Null. Component, 
Ohms : constant Dis.Type.Id := 

Dis .Register.Type (Dis .Null .Component , 
Siemens : constant Dis.Type.Id := 

Dis .Register.Type {Dis . Nul 1. Component , 
Tesla : conscanc Dis.Type.Id := 

Ois . Register.Type (Dis .Null .Component , 
Weber : constant Dis.Type.Id ;= 


'Frequency', Dis . Float.Tag) ; 

' Frequency.DP' , Dis .Double.Tag) ; 
'Farads', Dis . Float.Tag) ; 
'Henries', Dis . Float.Tag) ; 
'Hertz', Dis . Float.Tag) ; 
'Impedeance', Dis. Float.Tag) ; 
'Ohms', Dis. Float.Tag) ; 
'Seimens', Dis . Float.Tag) ; 
'Tesla', Dis. Float.Tag); 


1 

* 
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Dis . Regiscer.Type 


"Weber* , 

Dis .FI tac.Tag: ; 

Voles : constant Dis. 

Type.Id 



Dis .Regiscer.Type 

; D i s . Nu 1 I .Do mpe r.e nc , 

•Volts" , 

Dis . Float. Tag) ; 

X vc Its : conscanc Dis 

.Type.Id : - 



Dis . Register .Type 

( Dis . Nul 1. Component , 

"Kvcl cs * , 

, Dis . FI cat .Tag! 


Miscellaneous types 


Dec i cels : constant Dis. Type.Id : = 

Dis . Regiscer.Type (Dis . Nul IjCorrporenc , "DeciDels", Dis . FIoat.Tag} ; 
Decibels.Dp : conscanc Dis . Type.Id ;= 

Dis . Regiscer.Type ( Dis . Nui i ^Component , "Deci beis.DP* , Dis .Double.Tag) ; 

Rpm : conscanc Dis. Type.Id := Dis . Regis cer_Type 

(Dis . Null.Component , "Rpm*, Dis.Floac.Tag); 
Non.Di mens ional : conscanc Dis, Type.Id : = 

Dis . Regis cer.Type {Dis .Null .Component , "Non.Dimensional * , Dis.Floac.Tag); 
No n.D i mens io na 1 _Dp : conscanc Dis. Type.Id : = 

Dis . Regiscer.Type (Dis . Null .Component , 

•Non.Dimensional.DP* , Dis . Double.Tag) ; 

Kilobyces : conscanc Dis.Type_Id 

Dis .Regiscer.Type (Dis .Null .Component, 'Kilobyces*, Dis . FIoat.Tag) ; 
Megabytes : conscanc Dis. Type. Id := 

Dis . Regis cer_Type (Dis . Nul l_Componenc , "Megabytes*, Dis . FIoat.Tag) ; 

-- Enumeration types 

package Spc is new Dis . Enum.F unctions (Scd.Eng .Units .Shapes) ; 

Shapes ; conscanc Dis.Typ«_Id :r 

Dis .Regis ter. Type (Dis .Null.Component , 'Shapes*, Dis .Enum JTag, 

Labels => Spt. Labels, 

Size => Spt . Size} ; 


end Sstf.Defs; 
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8.6. Tlmer_Services_Class 


The Timer_Services_Class is a service package that is used to support classes that wish to run at a slower, 
harmonic rate of the partition. Timer_Services_Class must be used as shown in the Class Template with 
Computed Period (7.2). Within a given period, the service procedure Update must be called before the selec- 
tor functions Tlme_To_Execute and Actual_Delta_Time are valid. Time_To_Execute must be true to get a 
valid, non-zero, time from the Actual_Delta_Time function. The current implementation of Timer_Ser- 
vices_Class is listed below 


with Std_Eng_Units ? 

package T i mer_3er vices _C lass is 

package Seu renames Std_Eng_Uni ts ; — Simplifies parameter names. 

type Rates is (Full, Half, Quarter, Eighth, Sixteenth, Thirty_Second, Sixty_Fourth) ; 
subtype PeriodjDf f sets is Natural range 1..64; 

type Object is limited private? — Limited private is preferred. 

-- ***************************** Modifiers ******************************** 

procedure Create (Timer : in out Object; 

Subrate : in Rates :s Full? 

Period_Base_Time : in Seu. Seconds := 0.0; 

Period_Of fset : in Per iod_Off sets 1); 

procedure Update (Timer ; in out Object; 

DelcaJTime : in Seu. Seconds) ; 

— ***************************** Selectors ******************************** 


function Time_To_Update (Timer : Object) return Boolean; 
function Actual JDeltaJTime (Timer : Object) return Seu. Seconds; 
function Get_Child_Rate 

(Parent_Rate : Rates; 

Rate_Of f JThe_Parent ; Rates) return Races; 


private 

type Object 
record 


Period JTime 

Seu. Seconds 

:= 0.0; 

Timer 

Seu. Seconds 

o 

o 

II 

TirnerjOf fset 

Seu. Seconds 

; = 0.0; 

DeltaJTims 

Seu. Seconds 

o 

o 

n 

T i *• JTo^Dpds t • 

Boolean 

: = False 


end tmptQt 

end Time r jSm JC1 ass; 


— I Abstract 

— I 

— I 

— I Warnings 


This class provides the timer services needed to run class 
instances at a slower, harmonic relative rate of the partition 

None . 
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9. APPENDIX III - QUESTIONS AND ANSWERS: 


9.1. Ada Structural Components: 

1. Why is SSVTF defining and encouraging the use of a defined and consistent Ada struc- 
tures (classes, partitions)? 

Experience has proven that for large object-oriented real-time Ada programs, it is important to clear- 
ly define and consistently implement the software to assure success. Ada is a general purpose lan- 
guage that can be used in a variety of ways. Haphazard use of Ada constructs in a so-called object- 
oriented design methodology can easily defeat the point of what makes OOD a benefit. Adding in 
real-time and simulation constraints can worsen the impact. The most logical approach is to define 
what Ada structures support the requirements and design methodology and then consistently apply 
them over the entire project. These structures provide the basis for the design. However, they are 
not meant to be overly restrictive - if there are good reasons to move slightly outside the standard 
and the overall design goals are not corrupted, then no problem. In most cases, the design standard 
will be improved in these cases. 

2. Why are there partitions? 

Regardless of what your ’sign is, at some point the final class instances must be created some- 
where — usually in an Ada am program or ASM. For areal— time, distributed system, large programs 
must also be divided into self-contained manageable chunks that can be easily configured intojhe 
system. Those chunks are -equivalent to CIs on SSVTF. Ada mains could be the chunks, but m$ins 
are usually too large, restrictive, and brittle. Non-robust communication methods usually require 
modelers to assume certain build configurations (what model is on what cpu). S VM was built to pro- 
vide a seamless interface to support distributed processing so models could run on a 'Virtual single 
machine". The best level to provide this service was at the partition level - the level below the Ada 
main. In addition, Ada 9x will support partitions and this will make SSVTF closer to the future Ada 
standard. Partitions therefore are not an SVM particular requirement - they are a reality. 

3. When do you make an Ada main? How many partitions in an Ada main? 

For the target machine, Ada mains will be constructed out of 1 or more partitions. The number of 
partitions within an Ada main depends on the RMS rate and execution time requirements of each 
partition. In general, modelers do not need to worry about this. 

4. What la the criteria for choosing partitions for a Cl? Can there be too many or too few? 
How large can a partition be (lines of code and execution time)? 

A Cl can be made of 1 or more partitions, a partition could represent several CIs, or a set of Cl require- 
ment! oould be divided amongst many partitions The first situation is the most common. A better 
way tgyfc jhk about partitions is that they represent a logical assembly of objects representing some- 
thing in tie real World. They may be real-world objects themselves like a star tracker, or they are 
a collection of objects that perform a real-world capability like a hydraulics system. The determina- 
tion on what is too many or too few depends on the system itself and a compromise between the vari- 
ous real-time constraints. As a note, the more partitions there are, the more overhead processing 
is required to schedule and to send messages. Eventually, there will be timing values measuring the 
overhead. Also note that partitions, in general, should assume a time lag of one period for data. There 
are options to sequentially data between partitions running on the same cpu and same rate (see mes- 
saging system), but this is not the norm. Large partitions on the other hand could result in very large, 
monolithic models that are hard to manage and cumbersome to use Basically, a Cl should be de- 
signed such that is is decoupled and easy to work with. The modeler must strike a good balance. 

A partition must be able to execute on a single cpu. The current estimate is 10 SMIPS /processor 
As for size, it varies widely but a good number is between 5-20 KSLOCS per partition (average). 
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5. How is a class represented in Ada? 

Classes are constructed as Ada abstract data type packages. See appendix I 

i 

6. Do all class structures need create, request_state_change, update, and selectors? 

Update is required since the models usually do something over time. Request_State_Change is 
needed for object initialization or aperitif change state requests (like malfunctions). Selectors are 
usually needed to extract state data from the object unless the OUT parameters are used in the Up- 
date routine. It is preferred to use selectors. Create is optional since it supports 1 time instance con- 
figuration. Using Create to configure a class is equivalent to creating an Ada generic class. Create 
is called during program elaboration. 

NOTE: Using these specific names (Update, Request_State_Change) are not critical (but recom- 
mended). Other names (such as Initialize for Request_State_Change) are ok. The important point 
is the meaning of these procedures - class structures should be consistent in implementation For 
example the Initialization procedure must support singular state changes as the Re- 
quest_State_Change procedure does. There can be more (or less) procedures actually implement- 
ed as long as the structural meaning is retained. 


7, Why are local variables In a partition’s body? Why are there no parameters In partition 
body routines? 

Local variables in the partition body are either the state of the partition (along with the class instances 
declared there), or they are temporary values that are used to hold intermediate transitions of external 
data to class data parameters or to hold OUT parameters from classes. In many cases, it is unavoid- 
able not to have these parameters. Using selectors in class structures reduces the number of these 

variables. 


There can be procedures with parameters in the body of the partition. The "parameterless proce- 
dures are simply groupings of object connections for maintainability and modularity concerns^ It ap- 
pears (and is true) that these procedures are working off of common data in the partition body, but 
placing the logic of these routines within a single update routine can make for a very long procedure. 
Modeler discretion is required. 


8. Can lone variables be declared in a partition’s spec or class specs or bodies (outside the 
private type)? 

No never Doing so would cause bad side-effects in that global data would be created in the system. 
In partitions, lone variables In the spec imply that someone is going to read them. Since partitions 
never WITH (reference) other partitions directly, this would invalidate the whole point of building a 
seamless distributed system (creating a full-fledged mess). Lone v^'es outo.de toe dass pwate 
type (but defined in the class) is equivalent to creating global data. Doing this invalidates the whole 
ooiftf of object-oriented design. Side-effects would include models that work stand-alone but fail 
onSe Integrated sim or exhibit peculiarities during integrated operations (data being changed arbi- 
trarily). (Note that local data variables declared in procedure declaration sections are valid since they 
exist only during the life of the procedure call.) 


9. Why are there DIS objects In interface definition packages? Aren’t only ’’types 
here? 


allowed 


True, types are only allowed here. The DIS object however provides a unique ID for a message A 
unique ID is required to dynamically connect partition messages dunng set-up (sands s mu* i say 
which message they are outputting, and receivers must state what message they want tc i ec . 
The DIS id is toe "way" they identify toe specific message). This object is not gtopat data since .it s 
never read or written to - rather, it is used to set up a unique ID tor toe message dunng set-up only. 
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10. Should message records have default values in interface definition packages? 

No. Multiple distributed elaboration will cause the messages to reset multiple times. Also, the mes- 
saging system design cannot take advantage of default values (since pointers are never allocated). 
Messages are first initialized during the selfnnit mode by the defining partition (the sender). 

11. Why are there access types in lnterface_Defn packages? 

Two reasons. (1 ) The software backplane is a general messaging system. It is not (and should not) 
be dependent on the data types sent by partitions. Pointers of the access types are used to point 
to the memory of the partition’s message area as an address. Knowing the message size, the back- 
plane can send messages generically (bytes) from one partition to another. (2) For efficiency rea- 
sons, the pointers defined in the partition body can be manipulated (in some cases) instead of actually 
copying data. Messages are truly sent, but the most optimal method can be performed by the back- 
plane. 

Note that pointers of the access types are never allocated (using the NEW construct). S VM uses the 
pointers as address pointers only. 

12. Can clasa data types be WITHed Into lnterfacs_Defn packages, or do all Interface types 
have to be in the Interface.Defn package or SEU/SET? 

Classes should not be WITHed in lnterface_Defn type packages. This would tie the whole system 
together from the top to the bottom causing compilation problems and would be very non-resident 
to change. Try to keep interface data atomic using SEU types. If a class defines its own type, let the 
partition convert it if it ends up in the interface. 

1 3. Why are access pointers used in non real-time and records used in real-time in defining 
class abstract data types? 

The advantage of using access types for the limited private type is that the attributes of the object 
can be deferred to the body. The disadvantage is that the memory for the variables are declared on 
the heap during startup and are therefore not available in the symbol map for real-time debugging. 
Since r/t debugging is necessary, access types cannot be used. 

14. Why doesn’t the standard allow non-partition ASMs as a legal construct in addition to 
the class structure? 

This standard discourages the use of ASMs as a general programming structure for the following rea- 
sons. (1 ) ASMs are Ada structures not normal in other OO languages. In these languages, classes 
are like AOTs, period. (2)Developers tend to make ASMs talk to ASMs directly (which is not possible 
with ADT da m structures). This will eliminate a possible reuse without code modification and results 
in a more brittle design. (3) If designers first think in terms of ADT classes, it has been proven that 
bettor GO designs materialize. If the mind set is ASMs, then resulting design usually isn't as robust 
as it oould have been. 

There are cases however where ASMs are the best solution. In those cases, the standard does not 
discourage their use. 

1 5. Why aren’t clasa structures defined as goner' SM’s? 

Generic ASMs do make good class structures excep _ at they are Ada-specific (non-standard class 
structures). In addition, there is a certain inefficiency with Ada generics that can be significant if used 
too much. The standard discouragesgeneric ASM classes primarily to stick with current OO technol- 
ogy and to give us a fighting chance to fit the processing of the trainer into the purchased computer 
systems. 
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Note that generic ADTs are reasonable structures if classes are to be generalized. Again generics 
should be used judiciously (don't go overboard). Note that it takes longer to develop a generic class 
than a specific class (experience has shown) - make sure they are worth it. 

16. Can Ada tasking be used for real-time applications? 

No (unless there is an extremely good reason). Ada tasking conflicts with the RMS real-time schedul- 
ing activities. SVM will not be able to control the task and sequence other models correctly. If tasks 
are used, they most likely will have to run in their own UNIX process (further complicating RMS and 
the load configuration). Tasking in general should be used only when truly necessary - using the 
construct for the sake of using it will only lead to unnecessarily complex designs. 

17. How do we test a partition In standalone? Can we use the Rational? 

Not yet, but there is an effort underway to support partition testing on the Rational. 


9.2. Executive Sequencing and Moding: 

1. How do I run my model in real time? 

Section 4.1 describes how a model runs in real-time under SVM. Basically, a partition instantiates 
a package called "Periodic" from the "Generic_Model" package (appendix II, pg 66) and provides the 
update rate (in hz) and mode routines applicable to the partition (run, freeze, hold, etc ). From, that 
point on, the thread executive calls the partition's mode routines at the appropriate time and at the 
proper rate. 

2. How does a modei (partition) gat the time or delta time to be uaed when updating the state? 
What is the unit of time (seconds, microsecs, milllsecs)? 

The unit for time is defined in SEU as "seconds" (real number). Classes and partitions should use 
this type for defining update times. Time itself can be obtained two ways. When a partition instan- 
tiates a thread executive from the package "Periodic" in the "generic model" (see appendix II ,), a vari- 
able ”Delta_Time" becomes available. This is the delta time based on the period time of the thread 
executive (i.e. 0.1 00 for lOhz, 0.033_333 for 30hz). It will alwaysequal this interval. If SGMT or GMT 
is needed, the partition may call the selectors G_M_T or S_G_M_T also in the “Periodic" package 
specification. This returns the period-relative GMT/SGMT time for the partition. Period-relative 
means that the dock with respect to the using partition ticks at the rate of the partition (i.e 1 00ms 
or 33.33ms increments for 1 0hz or 30hz respectively). Note that reading the actual time (i.e. to the 
current microsecond) from the partition is not generally provided since with RMS, the model execu- 
tion may slide around in the period producing inconsistent time values. Period relative time is the only 
consistent dock for the partition. For spedal cases, however, instantaneous time can be made avail- 
ably 

3. How doYw mode routines execute? 

The instantiation of the "Periodic" package of the "Generic_ModeT takes a generic formal parameters 
the partition’s mode routines. The thread executive created from the instantiation coordinates its acti- 
vities with a SVM master executive and then executes the correct mode procedure at the correct time. 


4. How do I chose the rate the partition runs at? 

The rate of a partition is based on the response required by the model. Response should be • the 
minimum rate (slowest) based on how the student will perceive the real-time behavior. If the student 
can’t perceive the difference between 30 hz and 10 hz for the particular model, use 10. Response 
requirements also depend on the hardware. The model must run fast enough to service ar ware 
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(otherwise, the hardware may enter a fault mode). The modeler should be aware of the execution 
rate differences (and its implication to data flow) between producer partitions and consumer parti- 
tions. Execution rates for the partitions do not have to be harmonic, but data may appear to be 
irregular between non-harmonic partitions. In the example below, a 25Hz partition consumes data 
produced by a 40Hz partition; the data is taken from the producer’s period that has completed im- 
mediately before the beginning of the consumer's period. The producer executes eight times to every 
five executions of the consumer, and so produced data is skipped in a pattern repeating every 200 
milliseconds 


25Hz conaurow 


//A\w/Av\vy/yi 1 1 wj ■ i r//>in\\M i « ivw i iixv> 


40Hz producer 


l t / f/> / W L2 > t 


|>v i r/i.v i ixAVi i /y\n i /vvm i //vm i </v\» i f/ 


I I 

milllMConda 0 200 

5. How do I determine how much fidelity to build into a model? 

Fidelity is dependent on what the student or instructor want to see in the way of data and the amount 
of functionality required. The fidelity of the model should be the minimum required to support the 
training. For example, if a student cannot detect the effects of a valve in transition (opening or clos- 
ing), then a full fidelity valve simulation is not needed. A simple open/closed model is adequate. If 
the transition causes effects based on the transition that are detectable, a higher fidelity model may 
be needed. Strive for the minimum required fidelity. With a good objectized design , the model fidelity 
can always be easily increased. } 


6. Can objects run slower than partition? 

Yes. However, the intent is to have an entire partition execute ata given rate (as a whole). For special 
circumstances (due to execution cost), modelers may slow down objects defined by a partition - the 
reduced rate must be a harmonic (1 /2, 1 /4, 1 /8, etc.) of the partition rate. Modelers will have to bal- 
ance the partition across the partition periods and execution must stay within partition period intervals 
(all execution must complete within the partition worst case RMS time allocation per period). Refer- 
ence Appendix 1 , 7.2 (class template with computed period) for an example structure. Modelersmay 
use other mean? to sub-schedule (internal jump-lists), but the above approach is the recommended 
approach 


7. Why la the partitions interface definition WITHed in the spec Instead of the body? 

By convention only. If you look at the partition spec, you can see what interfaces it externally refer- 
ences. If the external interfaces are WITHed in the body, they will mix with all the WITHsof the internal 
classes and other packages. 

9.3. MessiQtitg: • 

1. How do |HrVtlon*s (model) communicate? 

Partitions communicate only via the software backplane via the SVM interface packages Message 
and Mailbox. Partitions define message structures in ■lnterface_Defn“ packages. 


2. When do I use one-to-many? 

Mrs; real-world interfac- ; (electrical wiring, pipes, busses, electrical signals, etc.) use the 1 -to- 
rn y messaging appro a n. This approach should be used when the producer outputs a message 
th any receiver can receive. 1-to-many can be 1 — to— 1 . 


3. When do I use many-to-one? 
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Many-to-1 is used when a partition has many inputs all of the same message type. For example, 
many producers supply load back to the electrical system. The electrical system defines the type and 
the. producers use that type to send the message to the electrical system partition. The messages 
are queued so none will be missed. 


4. When do I use mailbox? 

The mailbox should only be used for command and control (non real-world interfaces). Normally, 
partitions will only read their mail, not send it. The IOS will use mail extensively to send malfunction 
requests. 

5. Can transaction processing run under SVM and RMS? 

Not easily (actually no). RMS assumes that models execute at a given periodic rate for a set time. 
RMS theory can then guarantee the periodic updates. A transaction process has an inconsistent 
cycle time (event based) and runs till if s done (not abiding by the periodic cycle rules). This will cause 
the other RMS models to miss their deadlines. Merging the two execution models (RMS, transaction) 
together is very non trivial, opens up cpu performance, cpu allocation, and UNIX process and OS 
issues, and results in a brittle software design. It can be done, but We'd rather avoid it 

9.4. Generic Partition: 

1. If a model is designed as a partition and is a generic system, what options are therefor 
reducing the duplication of code? | 

In special cases, the modeler can define a partition using a generic. This allows multiple partitions 
to be created from a single code module. Reference the generic partition write-up in this document 

9.5. DIS 

1. Why is DIS necessary? 

In order to "see” data on the IOS or gather data for da t as tore, there must be a capability to map logical 
names to physical variables and a way to uniquely id the variables. In addition, there is a requirement 
for no off-line tools. The DIS provides this capability and a few more features like providing unique 
message ids and partition ids. DIS is "part of the code” therefore no off-line tools are needed - the 
symbol mapping will always be updated with the loads. 

2. How does IOS get access to data variables in system? 

Via the DIS identifiers and a DIS feature called "look" that can gather data via its address The IOS 
maps IOS page variables to DIS names, sends a request to SVM to see the symbol, and SVM returns 
the bytes that make up the symbol. 

3. How ddittfMd and set variables for engineering debug? Are DIS variables used for this 
type of e n g in ee r ing analysis? 

The RTSC Ada compiler vendor will provide a real-time debugger. DIS variables can be used for 
engineering analysis, but modelers should not add non-IOS DIS parameters just for this purpose. 
The DIS has a reasonable limit on the number of variables it can register. 

9.6. Datastore: 

1. why is data extracted using peek operations but brought back by using mailbox? The 
mailbox approach is cumbersome, why not poke the data back into the addresses? 

Peek operations will not harm the model and the model does not have to do anything extra except 
for registering datastore data in the DIS to support this approach. The mailbox is used for inputs be- 
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cau se not a! I the state of the objects is data stored. Updating a partial state vi a a poke operation (back- 
door) will cause problems. The mailbox allows the model to logically apply datastore data via "Re- 
quest_State_Change" class operations. . 

There are still some issues with the approach that are being worked out. This area will be tuned and 
simplified in the future. 

2. Why can’t partitions define records for datastore terms instead of each individual term? 

The instructor and RECON need to see the ASCII names of the datastore terms (and other associated 
information). Extracting binary records will not support this activity. In addition, if the load changes, 
datastore binary records may be altered causing an odd failure on return to datastore (if the partition 
overlays the record representation onto the binary datastore file). 


3. What data should be datastored? 

Only independent variables. Variables that can be obtained or derived from other partitions' output 
data or internal independent data should not be in the datastore. Models should keep the terms at 
a minimum. Currently, SSVTF is limited to around 40, OCX) terms. This issue still needs work. 

9.7. Interface Agent: 

1. SVM allows transparent connections between partitions, but between assets an Interface 
agent is required. Why? 

The software backplane can route messages to other assets without interface agents. However, 
there are special requirements on SSVTF regarding assets because they can be added, dropped, 
simulated, or stimulated. Something must exist to provide these modeling Unctions. Also, when con- 
nected to heterogeneous platforms, the interface agent must make sure the bytes are ordered cor- 
rectly. Moding of the asset must also be managed. See the write-up on interface agents. 


10. APPENDIX IV -EXAMPLE CODE (NON-REAL-TIME) 


Vnit Name : Lesson_Class 

-- Abstract : Controls a sec of Lee cures, Oata_Recordi r.gs , Centro l_Laws , 

. and an ExitJTest co achieve one or more learning objectives. 

r jses an interactive Cont rol_Fanei to permit the student to 
control the Lesson progress. 


Exceptions 


Requestor_not_Authori zed 


— ■ Warnings 

--I Author 
— I 

--I Department 
--! 

--i Revisions 


-- 1 
— 1 
-- 1 


— I 

--i O-Spec 
--I Copyright 


: None . 

: Gary Young 

: TSC . SSVTF .Computer_Sys terns . So f tware_Engineering 

: Date Author 

4-30-92 Bill Wessale 
— Added Header 

6-1-92 Gary Young 

Added Selector and Modifier section* 

Implemented Selectors : Script_Id, Version, 

Acti ve_ObjeCC_ID, Next_Obj ect_ID , Current .Step, 

Percent _Complete, Prerequisites 

: JSC-32xxx, Section 5 

: Developed by CAE-Link under the Training Systems Contract 
for the Johnson Space Center (JSC) of the National 
Aeronautics and Space Administration (NASA). All rights 
reserved . 


with Std_Eng_Types; 
package LessonjCiass is 

type Object is limited private; 
type Object_Id is (Tbd) ; 

type Prerequisice_List is (Tbd) ; 

package Set renames Std_Eng_Types; 

subtype Steps is Set. Positive range 1 .. 500; 

— ***************** Modifiers ************************ 
procedure Create (Instance : in out Object) ; 
procedure ^Destroy (Instance : in out Object) ; 
procedure Revise (Instance : in out Object) ? 
procedure Browse (Instance : in Object) ; 

procedure "Export (Instance : in Object; File_Name : in String); 
procedure In^>ort (Instance : in out Object; File_Name : in String); 
procedure Start (Instance : in out Object) ; 

procedure Pause (Instance ; in out Object); 

procedure Resume (Instance : in out Object) ; 

procedure Backspace (Instance : in out Object; Number^ Of_Steps : in Steps) 

procedure Skipahead {Instance : in out Object; Number_Of_Steps : in Steps) 

procedure Kill (Instance : in out Object); 
procedure Report_Status (Instance : in Object); 
procedure Act ivity_Complete (Instance : in out Object) ; 

— ***************** Selectors ************************ 
function Script_Id (Instance ; in Object) return String; 
function Version (Instance : in Object) return String; 
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r unc 1 1 tr. Aczt ve.Ib; ec t _Id ’ Ins c a he e : "t h C fc ; e ; - : recur n r C b jeer _ : d ; 


unction 

Next _Ob j ec t _ Id (Instance ; 

tr. Cfc;ect; recur 

r. Cc;e:t_:d; 

unct ion 

Current .Step (Instance : ;r. 

:t;ecz; return 

' i 

Post:, v- r; 

unct ton 

Per tent .Complete (Instance 

: tr. Cbjecz ret 

urn ?ta.::ve 

unct ton 

Prerequisites (Instance : t 

r. Inject: return 

Prerequtst ti 


?r:va;e 

eyre State; 

eyre Cb jeez .s access State; 
end lessened lass ; 



Unit Name : Cesson.Class 


--i Author : Gary Young 

— ! 

— i Department ; TSC . 5SVTF . Computer_Systems . $of t war e.Engi nee ring 


-- i Revisions 
-- ! 

— ! 

--I 

-- i 0-Spec 
— i 

--I Copyright 
--I 1991 


— I 
--I 

— I 


: Date Author 

4-30-92 Bill Wessale 

--Added Header 

; JSC-32xxx, Section 5 

: Developed by CAE-Link under the Training Systems Contract 
for the Johnson Space Center (JSC) of the National 
Aeronautics and Space Administration (NASA) . All rights 
reserved . 


with Training_Script_Class ; 
package body Lesson.Class is 

type Script ..Designator is (Tbd) ; 
type Version_Designator is (Tbd) ; 
type State is 
record 


Training_Script_Class .Object ; 


Script 

Cur.ent.Mcde 
Script.Id 
Version 

Ac t i ve_0b j ec t.Ids 
Next_Object_Id 
Current.Step 
Percenc.Complete 
Prerequisites 
end record; 

procedure Create (Instance 
begin 

Trainin q^fej ript^Claae . Create (Instance => Instance .Script) ; 
— In itia l! I# the Current _Mode component 
end Creaeijtbi . 


Set . Mode 

Script ..Designator 
Version_Designacor 
Object_Id 
Object_Id 
Steps 

Set . Percent 
Prerequisice_List 

in out Object) is 


= Set . Ini tialize; 
= Tbd; 

= Tbd 
= Tbd 
= Tbd 
= 1 ; 

= 0 ; 

= Tbd; 


procedure Daetroy (Inetance ; in out Object) is 
begin 

Training.Script.Class .Destroy (Instance => Instance. Script) ; 
end Destroy; 

procedure Revise (Instance : in out Object) is 
begin 

Training "cript.Class . Revise (Instance => Instance. Script) ; 
— Rev the Current_Mode component 
end Revise 

procedure Browse (Instance : in Object) is 
begin 

Training.Sc ripe .Class . Browse (Instance => Instance. Script) ; 
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e_N \are : 


Initialize :r.e lur rent_Mode tempo ner.t 
end Browse; 

procedure Expert ; Instance : in Cb~ ec t ; Fil 


ng. 


is 


?raming_Script_Ciass - Export 

Instance - > Instance . Script , rile _N T a me - > Fi~e_Mame); 

-- Append the Current _Mcde to the file 
end Export; 

procedure Impc rt .Instance : in out Object; File _N’a me : in String' is 
cegm 

Tra : ning_Scr ipt _Class .Import 

■Instance => Instance . Script , Filename => File_Name) ; 

-- Input the Cur rent _Mode 
end Import; 

procedure Start (Instance : in out Object) is 
begin 

Training_Script_CIass . Start (Instance => Instance . Script ) ; 

-- Change the Current_Mode component to the appropriate mode 
end Start; 

procedure Pause (Instance : in out Object) is 
begin 

Training_Script _Class . Pause (Instance => Instance . Script) ; 

— Change the Current _Mode component to be Paused 
end Pause; 

procedure Resume (Instance : in out Object) is 
begin 

Training_Script _Class . Resume (Instance => Instance. Script) ; 

-- Change the Current_Mode component to the appropriate mode 
end Resume; 

procedure Backspace (Instance ; in out Object; Number_Of_Steps : in Steps) is 
begin 

Training_Script_Class . Backspace (Instance => Instance . Script , 

Number_Qf_Steps -> Number_Of_Steps) ; 

end Backspace; 

procedure Skipahead (Instance : in out Object; Number_Of_Steps ; in Steps) is 
begin 

Training_Script_Ciass . Skipahead (Instance = > Instance . Script , 

Number_Of_Steps => Number_Of_Steps ) ; 

end Skipahead; 

procedure Kill (Instance : in out Object) is 
begin 

7raining_Script_Class .Kill (Instance => Instance. Script) ? 

— Change the Current_Mode component to Killed 
end Kill; 

procedure Report_Status (Instance : in Object) is 
begin 

Training_Scripc jSlass . Report_Status (Instance => Instance . Script ) ; 

— Report status on the Current_Mode here 

end Report ^Status ; 

procedure Activi ty_Complete (Instance : in out Object) is 
begin 

Training_Script_Class .Activi ty_Complete (Instance => Instance . Script ) ; 

— Change the Current_Mode component to be Completed, 
end Activi tyjComplete; 

function Script_Id (Instance : in Object) return String is 
begin 

return Script_Oesignator ' Image ( Instance . Script_Id) ; 
end Script_Id; 

function Version (Instance : in Object) return String is 
begin 

return Version_Designator ' Image ( Instance . Version) ; 
end Version; 
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function Acti ve_Ib:e:t_I 5 Instance : . r. It ; e: t , recur- :c;e::_:a 
teg i n 

return Instance. Act i ve_Cbject_Ids ; 
end Ac t i ve _Cb j ec t _ r 2 ; 

function Mext — Cfc: ect_Id 'Instance : in C t : ecu , return Cbjett_ Id is 

a — 

ret urn Instance . Mext_Cb j ec t _Id ; 
e r.d Me x t _0b : ec t _ I ti ; 

function Current tec (Instance : in Object} return Positive is 
begin 

return Instance . Cur rent _Step ; 
end Cur rent _3tep; 

function Percent .Complete (Instance ; in Object} return Positive is 
begin 

return Instance . Per ceric ^Complete; 
end Percent_CompIete ; 

function Prerequisites (Instance : in Object) return Prerequisi te_List is 
begin 

return Instance . Prerequisi tes ; 
end Prerequisites; 
end Lesson_CIass ; 
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11 Appendix V - Hydraulic System Example 

The following is an example of a real world hydraulic system and its representation as a simulated soft- 
ware system. This example will include design considerations based upon the SSVTF architecture as 
outlined in this document. 

11.1 Real World Hydraulic System 

The hydraulic system provides pressurized hydraulic fluid to actuators that move the control surfaces and 
raise and lower the landing gear. The system is controlled via the hydraulic control panel which provides 
switches to control the system. The system sends signals to the hydraulic control panel so that the con- 
trol panel can display the status of the system. The system receives power from the electrical system 

Refer to figure 1 for a pictorial representation of the hydraulic system and related components Notice 
that although the actuators, control surfaces, landing gear, hydraulic control panel and electrical system 
are shown in the figure, they are modeled as separate entities. The modeling of these external compo- 
nents will not be done here. This example will, however, model the Interface to these entities. 

Therefore, the hydraulic system includes the following components: 

• Two fluid pressurization assemblies that each include one motor, one gear box and 
one pump 

• Two valves 

• Two accumulators 

• One reservoir 

• One reservoir quantity sensor 

• Two pressure sensors 

• A fluid distribution system 

• Fluid return lines 

11.1.1 Fluid Pressurization Assembly 

A fluid pressurization assembly is a collection of mechanical devices that convert electrical power to hy- 
draulic pressure. This assembly includes a motor, gear box and pump, each described as follows: 

11.1.1.1 Motor 

The motor uses electrical power to turn a shaft that drives the gear box. In providing power to the gear 
box. the motor in turn produces a load on the electrical system. 

The motor is powered on and off via a switch on the hydraulic control panel. The motor provides an in- 
dication of whether it is on or off back to the hydraulic control panel. 

11.1.1.2 Gear Box 

The gear box transfers torque from the motor to the pump. 

11.1.1.3 Pump 

The pump pressurizes the hydraulic fluid provided by the reservoir. It also sends its operational status to 
the hydraulic control panel. 

11.1.2 Valve 

A valve allows the isolation of the pressurization system from the distribution system. Since this valve is 
electrically actuated it produces a load on the electrical system. 
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The valves in the hydraulic system are controlled via the hydraulic control panel. The valves provide the 
hydraulic control panel with an indication of their position, ranging from open to closed. 

i 

11.1.3 Accumulator 

An accumulator is type of damper that helps the hydraulic system maintain a constant pressure. It is di- 
vided into a fluid side and a gas side separated by a movable diaphragm. Hydraulic pressure is absorbed 
by the accumulator by allowing the fluid from the distribution system to push the diaphragm and increase 
the gas pressure by lowering its volume. When the pressure in the distribution system lowers, the pres- 
sure of the gas in the accumulator pushes fluid back into the distribution system. 

11.1.4 Reservoir 

A reservoir is a storage container for hydraulic fluid. 

11.1.5 Reservoir Quantity Sensor 

A reservoir quantity sensor provides an indication of the level of hydraulic fluid in the reservoir. 

The quantity sensor in the hydraulic system is electrically powered. It receives power from, and in turn 
place a load on the electrical system. The quantity sensor provides a signal to the hydraulic control panel 
so that the quantity of fluid in the reservoir can be displayed. 

11.1.6 Pressure Sensor 

A pressure sensor provides an indication of the hydraulic pressure in the distribution system. 

Like the reservoir quantity sensor, the pressure sensors in the hydraulic system are electrically powered. 
The pressure sensors provide signals to the hydraulic control panel so that the distribution system pres- 
sure can be displayed. 

11.1.7 Distribution System 

A distribution system is a network of hydraulic tubing that distributes pressurized hydraulic fluid to the ac- 
tuators. 

11.1.8 Return Lines 

Return lines return excess hydraulic fluid from the actuators and distribution system to the reservoir. 
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Real World Hydraulic System 




1 1 .2 Specification of the Software System 

In order to create a software simulate - of a real world hydraulic system, ail relevant components of the 
real world system must be modeled, as well as any additional components to support the simulation. Two 
such support components in this example are the IOS and the aural cue. More details on these two com- 
ponents will be given later. 

11.2.1 Externai Components 

At this early point in the analysis, the system can be defined in terms of components that are internal (ac- 
cumulators, distribution system, reservoir, etc.) and components that are external. The externals are as 
follows: 

• Control surfaces (includes control surface actuators) 

• Landing gear (includes landing gear actuators) 

• Electrical system 

• Hydraulic control panel 

• IOS 

• Aural cue 

Although this example will not give the details of the external models, it does specify the interfaces to 
these externals. Figure 2 shows the associations of the hydraulic system and its externals. 

11.2.1.1 Control Surfaces 

The real world control surfaces are moved by actuators which are connected to the hydraulic system. 

The control surface actuators consume fluid based on the pressure of the fluid provided by the hydraulic 
system. The actuators also return fluid via the return lines. The interface between the hydraulic system 
and the control surfaces will therefore provide a mechanism by which the hydraulic system can provide an 
indication of the available pressure and the control surfaces can provide the actual pressure flow (in-flow) 
and the return flow. 

11.2.1.2 Landing Gear 

Although the landing gear model would be quite different than the control surfaces model, the interface 
between the hydraulic system and the lanci n g gear is similar to the interface between the hydraulic sys- 
tem and the control surfaces. The interface must provide a mechanism by which the hydraulic system 
can provide an indication of the available pressure and by which the landing gear can provide the actual 
pressure flow (in-flow) and the return flow. 

11.2.1.3 Electrical System 

In addition to providing power to other systems, the real world electrical system provides power to the 
sensors, valVM and motors in the hydraulic system. This is modeled in the software system via an inter- 
face by which the electrical system provides the status (on or off) of each of the relevant circuit breakers 
The interface must also allow the hydraulic system to provide the electrical system with the load that it 
places on each of the corresponding circuits. 

11.2.1.4 Hydraulic Control Panel 

The real world hydraulic control panel commands the motor to power on and off and commands the 
valves to open and dose. The hydraulic control panel also displays the status of the hydraulic system via 
a selected set of parameters. These r ; meters include pump and motor status (on or off), valve posi- 
tion. indicated pressure and indicatec ervoir quantity. The interface between the simulated hydraulic 
system and the simulated hydraulic control panel must provide a mechanism by which these parameters 
are passed between the two. 
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11.2.1.5 IOS 

The IOS allows an operator to control the overall simulation. For this example, the operator may insert 
malfunctions and display and modify certain object state variables. 

11.2.1.6 Malfunctions 

Table 1 presents a list of simulated malfunctions which effect the Hydraulic System CSCI. 


Malfunction name I Description I Allocation 


PUMP-#1 FAILURE 

Pump #1 does not produce fluid 
flow when prime mover is provid- 
ing RPM. 

Hydraulic Pump. 

PUMP— #2 FAILURE 

Pump #2 does not produce fluid 
flow when prime mover is provid- 
ing RPM. 

Hydraulic Pump. 

PRESSURE COMPENSATION 
FAILURE #1 

Pump #1 cannot regulate pres- 
sure. Pressure varies wildly with 
demanded flow. Possible water 
hammer transients in circuit #1 . 

Hydraulic Pump. 

PRESSURE COMPENSATION 
FAILURE #2 

Pump #2 cannot regulate pres- 
sure. Pressure varies wildly with 
demanded flow. Possible water 
hammer transients in circuit #2. 

Hydraulic Pump. 

VALVE #1 FAILURE 

Isolation Valve #1 is stuck in 
position it was in at the time mal- 
function was inserted. 

Hydraulic Distribution System. 

VALVE #2 FAILURE 

Isolation Valve #2 is stuck in 
position it was in at the time mal- 
function was inserted. 

Hydraulic Distribution System. 

PRESSURE SENSOR #1 FAIL- 
URE 

Pressure Sensor in circuit #1 
fails to indicate zero (0) psi, 

Hydraulic Distribution System. 

PRESSURE SENSOR #2 FAIL- 
URE 

Pressure Sensor in circuit #2 
fails to indicate over pressure. 

Hydraulic Distribution System,. 

MOTOR #1 FAILURE 

Electric Motor #1 fails to produce 
RPM, but is not jammed. 

Hydraulic Pump Drive Unit. 

MOTOR #2 FAILURE 

Electric Motor #2 fails to produce 
RPM and is jammed. 

Hydraulic Pump Drive Unit. 

CIRCUIT #1 LEAK 

1 GPM leak in circuit #1 . 

Hydraulic Distribution System 

CIRCUIT #2 LEAK 

5 GPM leak in circuit #2. 

Hydraulic Distribution System. 

Table 1 Hydraulic System Malfunctions 

11.2.1.7 Look and Enter Data 

Table 2 presents a list of the Hydraulic System parameters which will be displayed or modified at the instruc- 
tor's station or recorded by the Session Manager Subsystem for any purpose. Of these parameters, reservoir 
quantity and pump flow may be modified by the operator. 

Parameter name 

Description 

Allocation 

MOTOR #1 ON\OFF 

Report commanded on\off status 
of motor #1 . 

Hydraulic Pump Drive Unit. 

MOTOR #2 ON\OFF 

Report commanded on\off status 
of motor #2. 

Hydraulic Pump Drive Unit. 


















































MOTOR #1 RPM 

Report current RPM of motor #1 . 

Hydraulic Pump Drive Unit. *" 

MOTOR #2 RPM 

Report current RPM of motor #2. 

Hydraulic Pump Drive Unit. 

FLUID LEVEL 

Report fluid level in reservoir 

Hydraulic Distribution System. 

PRESSURE #1 

Report current pressure in circuit 
#1. 

Hydraulic Distribution System. 

PRESSURE #2 

Report current pressure in circuit 
#2. 

Hydraulic Distribution System. 

FLOW #1 

Report current flow generated by 
pump #1 . 

Hydraulic Pump. 

FLOW #2 

Report current flow generated by 
pump #2. 

Hydraulic Pump. 

VALVE #1 

Report current open\e!ose status 
of isolation valve #1 . 

Hydraulic Distribution System. 

VALVE #2 

Report current open\close status 
of isolation valve #2. 

Hydraulic Distribution System. 


Table 2 IOS Display parameter list for Hydraulic System 


11.2.1.8 Aural Cue 

The aural cue produces audio sounds of the mechanical devices that are being simulated. For this simu- 
lation, the aural cue will produce motor sounds when a motor is on and pump sounds when a pump is on. 
The interface between the hydraulic system and the aural cue therefore must provide a mechanism to 
transfer these commands from the hydraulic system to the aural cue. 
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Figure 3 Hydraulic System External Association Diagram 

11.2.2 Internal Components 

In terms of the object oriented analysis, the hydraulic system is viewed as an object composed of a 
collection of lower order components that parallel the composition of the real world system. The decom- 
position of the hydraulic system into these components is is shown in figure 4. 



Hydraulic System Object Decomposition 
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11.3 Transition to Design 


In review, classes may be composed of 1 ) other classes, 2) attributes and operations or 3) a combination 
of both. Objects may be 1 ) an instance of one or more classes 2) composed of other objects instantiated 
at a lower level or 3) a combination of both. 


Furthermore, since an object is an instance of a class, one or more objects can be created from a class. 
An obiect instantiated from a class in effect creates a copy of the attributes so that the newly created ob- 
ject takes on its own identity (i.e state), independent of all other instances of the same class. This sup- 
ports the reuse principle A class is said to be reused if more than one object is instantiated from the 

class. 


After the components of the hydraulic system are identified, they are allocated as objects or classes, or 
further broken down into subcomponents. Generally, these components should modeled as a class to 
facilitate reuse. If the abstraction doesn’t already exist as a class, a new class is created and added to 
the reuse pool. If the abstraction (or something reasonably close) does exist as a class, then the class is 
reused and attributes and operations are added, if necessary. 


11.3.1 Sensor Class 

The simulation must support two pressure sensors and one quantity sensor. Since the two types of sen 
sors are similar, a general sensor class is created. The pressure sensors and quantify sensor are then 
created by instantiating the sensor class with the relevant load units and sensed units. 


11.3.2 Reservoir Class 


A hydraulic reservoir class is created from a generic reservoir class much like the quantity and P es ®“ r * 
sensors are created from a generic sensor class. The hydraulic reservoir class is created by instantiating 
the sensor class with the desired volume, volume rate units and time units. 


11.3.3 Drive Unit Class 

A drive unit class is constructed using lower level classes much the same way that the hydraulic pump class 
was constructed. For this simulation the motor of the drive unit is a DC type motor Suppose that' m the i reuse 
pool there exists an electric motor class with attributes of nominaLspeed. nominal jerque, shaft.speec land 
shaft fail (boolean). Since a DC motor is a more specialized type of electric motor, inheritance is used to 
create a DC motor class. The DC motor class inherits the attributes and operations of the electnc motor class 
and adds the attributes load, minimum_voltage, maximum.voltage, nominal Joad n ^ l ^ l -^ e f?^ ld 
naLtorque. Refer to the Elec_Motor_Class package specification on page V-1 7 and the DC_Motor_Class 

package specification on page V-26. 

11.3.4 Hydraulic Pump Class 

A soecialized pressure compensating hydraulic pump class is created by combining the attributes and opera- 
tions of an axial piston pump class, an actuator class and a centrifugal pump class. Because the 9 

hydraulic pump dass is very specialized in nature, it serves to show that by usi ng inheritance and composmoa 
it can be conafuelBd with basic building block classes. The composition of a hydraulic pump is shown in figure 
6 Notice that m axial piston pump class is created by inheriting the attributes and operations of a positive 
displacement pump class and defining additional necessary attributes and operations. The attributes of the 
positive displacement pump class are summarized as follows. 

• Displacement (Gallons) 


Efficiency 
Flow Rate 


(No Units) 

(Gallons Per Second) 


• Total Piston Area (Square_Feet) 

The axial piston pump class attributes include those inherited from the positive displacement pump class plus 
the following: 
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Bias 

(Gallons Per Second) 

Delta_Flow 

(Gallons Per Second) 

loss_Flow 

(Gallons Per Second) 

Pressure 

(Ps.) 

Scale 

(No Units) 

Torque 

(Foot_Pound_Force) 



In this example an additional flow attribute is added to improve the fidelity of the simulation since the flow rate 
attribute provided by the positive displacement pump class is overly simplified. Refer to the Positive_Dis- 
placement_Pump_Class package specification on page V-36 and the Axial_Piston_Pump_Class package 
specification on page V-39. 


HyAmifie 

Pump 


T 

I 

1 




Figure 5 Hydraulic Pump Composition Diagram 
11.3.5 Other Classes 

For this example, the accumulator, distribution system, valve and gear box classes will all be of the nor- 
mal (non-generic) dass yariety. 

In this design, al oontrol (interpreting messages, updating objects, etc.) is handled on the partition level. 
Figure 6 showrtoe real world hydraulic system as an abstract state machine (ASM) and its decomposi- 
tion into classes (abstract data types or ADTs) 
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Notes 



Figure 6 Hydraulic System Composition Diagram 
11.4 Class Specification 

A class specification is implemented as an Ada package. A typical class specification for the SSVTF proj- 
ect contains the following'. 

• Attributes in the form of a limited private record type 

• Type declarations to support the modifiers 

• Modifier specifications 

• Selector specifications 

• A tactual description of the class 

11.4.1 Attributes 

Attributes define the state of the object The attributes are collected in a single Ada record type and are 
made unavailable outside of the package by declaring the record as 'limited private'. This allows an ob- 
ject to be declared of the record type, but none of the attributes defined in the record may be directly ac- 
cessed where the object is declared. Instead, the attributes are accessed via modifiers and selectors. 

11.4.2 Type Declarations 

Types are declared in order to specify parameters that are passed into the modifier operations. An exam- 
ple for a switch class is as follows: 
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- ’/P® - - TLTar.zs - s . * r. i-ialize, Or. , off, 7 $ ; 1 * • 

An input parameter is then specified using this type, such as: 

prccei.re Reques;_Sca-e_Jr.3-;e Tr.spar.ce : in ; S -* C -. 

^ } m ra r.c : : r. ™ o mma r.d s ; ; 

SEEfStSST ^ US6d *" S "“' Cha " 9e ,hS p ° s ' tiOT •<**■* *> =r 

11.4.3 Modifier Specifications 

Modifiers are Ada procedures that allow the state of the object instantiated from that Ha=c to ho 
Modifier names should be in the form of an action verb Reauest State rhann*. rfh« ^ t0 be chan 9 ec) 
o. a modifier Note that since one o, more instances o. &X2£££ 

class is passed to the procedure as an 'in out parameter. This allows the modifier to have access to an 
Rename “ ^ ° ,aSS and a ' S ° a, '° WS 1,16 modifier to chan 9* any a *' b “tes of the class (hlnce 

11.4.3.1 Default Modifiers 

The following modifiers should be specified for each class: 

• Update 

• Request_State_Change 

• Create 

11.4.3.2 Update 

HToon date mod ! f ' er is called Periodically to update the state of the instance of the class. The oeriod of 
the call is passed in as delta time since the previous update. P 

1 1 .4. 3. 3 Request_State_Change 

The Request_State_Change modifier serves a variety of purposes The associated enumeration tuna 
C«nm?nds alfows fh. caller of Reque M .State_Change ££« fhat SSSJS 3a» "a™ its 

beTnserted eXamP ‘ e ' 3 Va ' V6 may a "° W itS pOSi1ion 10 66 chan 9 ed ' or may allow a malfunction to 

11.4.3.4 Create 

Create modifier is typically called once upon partition initialization. It serves to allow the instance to 
be tailored in some way. In the case of an accumulator object minimum and ma^^pressCrerand 

mat 1,16 Cr6ate ° Perati0n iS anal090US 10 Ada e,aboration ' Both ara 

11.4.4 Selector Specifications 

!l at retUm th ® CUrrent va,ue of an attribute associated with the object instan- 
tiated from that dasa. Selector names should be in the form of a noun. An example of a selector follows: 

function Position (Instance : in Object) return Sec .On_Ness; 

tfSfliSf? TnZ m0f ? i ? tances of the c,ass may exjst the specific instance of the class is passed to 
the function. Since a selector cannot change the state of an object the parameter 'Instance' is passed as 

a read-only parameter using the 'in’ qualifier. The selector returns the position of the switch (on or off). 

11.4.5 Textual Description 

t£n d^fi'nrinf ' ?!£" ° f the ClaS u S are in form of Ada comments and contain items such as identifica- 
intomaton ’ reV ' S, ° n ^ Refer 10 the SSVTF Ma <***"8 standards document for more 
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11.5 Class Examples 


11.5.1 The Accumulator Class 

Based on the real-world characteristics of an accumulator as identified in the object oriented require- 
ments analysis the attributes and operations of the accumulator may be listed as shown below. 


Attributes 

Units 

Operations 




Flow Rate 

Gallons/Second 

Modifiers 

Gas Pressure 

PSI 

Create 

Gas Volume 

Cubic Feet 

Request_State_Change 

Fluid Volume 

Cubic Feet 

UpdateState 

Quantity Held 

Gallons 


Minimum Gas Pressure 

PSI 

Selectors 

Minimum Gas Volume 

Cubic Feet 

Flow_Rate 

Maximum Gas Volume 

Cubic Feet 

Quantity_Held 

Minimum Fluid Volume 

Cubic Feet 


Maximum Fluid Volume 

Cubic Feet 



Table 3 Accumulator Attributes and Operations 

From this listing of attributes and operations, a class specification (Ada package specification) is created, 
as shown in Ada Unit 1 on page V-17. 

11.5.2 The Pressure and Quantity Sensor Class 

The simulation of the pressure sensor and quantity sensor are very similar in this example. Each sensor 
has an actual and nominal load placed on the electrical system. Each may be failed by the IOS and each 
makes the sensed value available. The sole difference between the pressure sensor and the quantity 
sensor is the units (i.e. type) of the sensed value (pressure in PSI and quantity in gallons). To take ad- 
vantages of these similarities, a generic class is specified. In order to instantiate the generic, the instan- 
tiation must supply the specific sensed value type (PSI or gallons) to create a more specific class. For the 
purposes of this example, the actual and nominal load type will also be specified as a generic parameter 
to the generic class. 

Note that in this example the generic sensor class is used to create a new class for the pressure sensor 
and a new class for the quantity sensor. While in Ada terms the generic class is instantiated with the ge- 
neric actual parameters, an instance of the class in object oriented terms does not yet exist. 


Attributes 

Units 

Operations 




Bias 

Generic sensed units 

Modifiers 

Load 

Generic load units 

Create 

Nominal Load 

Generic load units 

Request_State_Change 

Output Value 

Generic sensed units 

Update 

Sensor Failed 

Boolean 


Scale 

None 

Selectors 

























































Elec_Load 



Sensed_Output 


Table 4 Generic Sensor Attributes and Operations 


From this listing of generic attributes and operations, a generic class specification (Ada generic package 
specification) is created, as shown in Ada Unit 4 on page V-20. 

11.6 The Hydraulic System Partition 

The hydraulic system partition is an abstract state machine (ASM) implemented as an Ada package. 

The partition can be thought of as the ’glue' or 'smarts' that holds the hydraulic system simulation togeth- 
er. It is at this level that messages are received, interpreted and acted upon. Logic at the partition level is 
responsible for routing relevant data to the lower levels. Likewise, the partition must provide data to the 
outside world. 

11.6.1 Hydraulic System Partition Interfaces 

The hydraulic system partition communicates with the hydraulic control panel, electrical system, landing 
gear, control surfaces, aural cue and IOS. In this example, the hydraulic control panel partition and the 
electrical system partition provide interface definition packages for their respective interfaces. Interface 
definitions between the hydraulic system partition and the other external systems are provided by the hy- 
draulic system partition and maintained in the Hyd_Sys_lntfc_Defn package. 

11.6.2 Hydraulic_System_Partition Package Specification 

Since the partition does not export (in the Ada sense) any operations or data, the content of the partition pack- 
age specification is minimal. By SVM convention, all of the partition’s interface definitions, both internal and 
external are 'withed' into the package specification. Although these packages could technically be 'withed' 
into the package body, they are 'withed' here so that the partition's interfaces become more apparent. 

11.6.3 Hydraulic_System_Partition Package Body 

The hydraulic system partition package body contains the declarations that allocate memory for the hydraulic 
system and instantiates the generic thread executive. It also creates instances of generic classes and defines 
local types. 

11.6.3.1 Generic Class Instantiations 

Three new classes are created via generic class instantiations. A pressure sensor class and quantity sensor 
class are instances of the generic sensor class. Also, a hydraulic reservoir class is instantiated from a generic 
reservoir class. 

11.6.3.2 Local Type Definitions 

Since it is convenient to manage the components of the dual-redundant hydraulic system using two element 
arrays, several array types are created. The index for these array types is an enumeration type defined as: 

type Sys_l_Sys_2 is ( Sys_l , Sys_2); 

These array types are used for creating class instances as well as defining data internal to the partition. Note 
that since anonymous arrays are not allowed by the coding standards, these array types are necessary to 
declare an array. 

11.6.3.3 Message Pointers 

Each message that is to be sent or received must have a unique identifier. The memory for these identifiers 
is allocated (i.e. the data objects are declared) in the hydraulic system package body and are later initialized 
in the Create Data mode routine. 
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11.6.3.4 Class Instances 

Each major component (object) modeled in the simulation is an instance of a class. In Ada terms an object 
is created by declaring a data object using the Object 1 type provided by the corresponding class package. 
The major components of the hydraulic system are the accumulators (2). distribution systems (2), drive units 
(2), isolation valves (2). pressure sensors (2), pumps (2). reservoir and reservoir quantity sensor. 

Using the accumulators as an example of dual components, the 'accumulator' data object is of the array type 
'accumulators’ The array type ’accumulators' is declared as: 

C yp e Accumulators is array { 3ys_l_Sys_2 } of Accumulator^ lass . Object ; 

The data object ’Accumulator' is declared as: 

Accumulator : Accumulators; 

Using these conventions, the accumulator objects take the form: 

System 1 Accumulator: Accumulator (Sys_l) 

System 2 Accumulator: Accumulator (Sys_2) 

Using the reservoir as an example of a single component the ‘reservoir’ data object is declared as: 

Reservoir : Hyd_Reservo ir_Cl ass .Object ? 

11.6.3.5 Internal Data 

Since a partition controls all of the objects contained within it, it is often necessary to create partition-internal 
data to manage the manipulation of of the objects. 

This data may include temporary storage of data that links two or more objects. For example, total return flow 
is internal data that is computed by summing the return flows from the landing gear and control surfaces as 
received in messages from these external systems. The total return flow is later used to update the reservoir 
quantity. 

Internal data may also include identifiers used to help manage the partition in the simulation environment. 
These identifiers include the partition name as a string constant, and the partition ID as a natural number. 

A design decision was made to model the motor relays of the hydraulic system internal to the partition rather 
that creating a separate relay class due to their trivial nature. This is done by creating the following data object: 

Motor_Relay_Power i On_Off_A := (others-> Off); 

where On_Off_A has been previously declared as (in the Orvc_Common_Types package): 

type On_Off_A is array (Sys_l_Sys_2) of Set.On_Ness; 

This demonstrates another use of internal partition data. 

11.6.3.6 Creating Thread_Exec 

Since the partition represents a single executive thread, it must instantiate the generic package Generic Mo- 
del. Periodic lo register the partition name, frequency and all of the partition's mode routines with the SVM 

executive. 
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Ada Unit 1 Accumulator_Class Package Specification 

wl - h St t_Zr.g_ r Jni t s ; 

use Sc i_Sng_Uni ts ; 1 

package Accumulate r_C lass is 

package Seu renames 3 c :: _D ng_U nits; 
type Object is limited private; 
cype '3oT.mar.ds is [Initialize, No_?ressure) ; 

__ *********************** Modifiers *************** 


Commands for Re- 
qu e s tJS ta te_C h an ge 
procedure. 


procedure Create 


[ I ns c a nc e 
Pa rent _Na me 
Init_Press 
Mi n_Gas_Press • 
Mi n_3as_Vol 
Max_Gas_Vol 
Mi n_Fluid_Vol 
Ma x_F 1 u i d_Vo 1 


in out Object; 
in String : = • * ; 

in Seu.Psi; 

in Seu.Psi; 

in Seu .Cubic_Feet ; 

in Seu .Cubic _Feet ; 

in Seu .Cubic_Feet ; 

in Seu . Cubic_Feet ) ; 


procedure Requesc_State_Change (Instance ; in out Object; 

Command : in 
Apply : in 
Pressure ; in 


Commands ; 

Boolean; 

Seu . Psi : = 4000 .0) ; 



procedure Update (Instance 
Pressure 
Del ta Ti me 


in out Object; 
in Seu.Psi; 

in Seu. Seconds) ; 


Called periodically to update 
the state 


__ •• ******************** selectors ******************** — 

function Flow_Race (Instance : in Object) return Seu .Gallons_Per_Second; 
function Quanti ty_Held (Instance ; in Object) return Seu. Gallons; 
private 


Selectors to get state 
values maintained by 
object 


type Object is 
record 

Flow_Rate 
Gas_Pressure 
Gas_Voiume 
Fluids Volume 
Quantity_Held 
Min_Gas_Press 
Min_Gas_Vol 
Max_Gas_Vol 
Min_Fluid_Vol 
Ma x_F 1 u i d_Vo 1 
end record; 


Seu .Gal Ions _Per_Second 
Seu . Psi 

Seu .Cubic_Feet 
Seu .Cubic _Feet 
Seu .Gallons 
Seu . Psi 

Seu .Cubic__Feet 
Seu .Cubic_Feet 
Seu .Cubic _Feet 
Seu .Cubic_Feet 


0.0 

0.0 

0.0 

0.0 

0.0 

0.0 

0.0 

0.0 

0.0 

0.0 


The list of attributes for this class. 
Outside of this class, these attributes 
can be modified only via the given 
modllers and selectors specified 
above. This is enforced by declaring 
the record type as limited private. 


end Accumulator_Class ; 


— I Abstract: This package provides a real time simulation of a class 

— I of hydraulic accumulator. 

— I 

— ! Warnings: None. 
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Ada Unit 2 Accumulator Class Package Body 

package bod; Act jmulatcr_Class is 


-- Repcrt^SymboI* used by Crea:e 

procedure Report Symbols 'Instance : in out Object; 

Farent_Name : m String) is separate; 

-- ********** 1 1 **** * Modifiers *** 

procedure Create (Instance 

?a rent _Na me 
Ini t_Press 
Min_Gas_Press 
Mi n_Gas_Vo 1 
Max_Gas_Vol 
Min_Fluid_Vol 
Max_Fluid_Vol 

begi n 

Report_3ymbols .'Instance => Instance, Parent_Name => Parent _Name) ; 


in out 

Object ; 

in 

String := 

in 

Seu.Psi; 

in 

Seu.Psi; 

in 

Seu . Cubic_Feet 

in 

Seu .Cubic _Feet 

in 

Seu .Cubic_Feet 

in 

Seu . Cubic_Feet 


Instance . Gas__P res sure 
Instance . Min_Gas_Press 
Instance . Min_Gas_Vol 
Instance . Max_Gas_Vol 
Instance . Mi n_Fluid_Vol 
Instance .Max_Fluid_Vol 


Ini t_Press ; 

Mi n_Gas_Press ; 
Min_Gas_Voi ; 
Max_Gas__Vol ; 
Min_Fluid_VoI ; 
Max_Fluid_Vol ; 


— Need function here to convert gas pressure to gas volume & 
-- fluid voi ume 


end Create; 


LocaJ to package body This is 
used to enter class attributes 
into the symbol table The IOS 
then has direct ("backdoor) 
access to the attributes. 


procedure Request _State_Change (Instance ; in out Object; 

Command ; in Commands; 

Apply : in Boolean; 

Pressure ; in Seu.Psi := 4000.0} is 

begin 

"case Command is 

when Initialize => 

Instance . Gas_Pressure := Pressure; 

— Add function here to determine gas volume & fluid for this new gas 
-- pressure 

when No__Pressure => 

null ; 

end case; 


end R eque*t_St*t exchange; 


procedure Update (Instance : in out Object; 

Pressure ; in Seu.Psi; 

Delta_Time : in Seu. Seconds) is 

begin 

— NOTE: This procedure is greatly simplified. 

Instance .Gas pressure := Pressure; 

Instance. FI .^ace : = 0.025; 

end Update; 

— *********** **V* ****** * Selectors ************ «* 

. - : - -JP- 

function Flow_Rate (Instance ! in Object) return Seu . GallonS_Per_Second is 
begin 
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er.d r'_ tw_Race; 

i 

»,*«******•#*****•******♦**»********************* 

z^-cz Lon ;uant ity_Keld ' : nsiar.ee : ir. Object] return Seu.3alions is 
ce 5 - r. 

ret urn lnsiar.ee . *uar.t lty_Held ; 
e r.d ;uarc:: y _He i i ; 
end Accumulaior_31ass ; 

Ada Unit 3 Accumulator _Class.Report_Symbols Separate Procedure 

with Symbol _Map; 

separate [ Accumulator_Class) 

procedure Report Symbols (Instance : in out Object; Parent_Name : in String) is 

begin 

— No symbols to report 

null; m 

end Report_Symbols ; 

— I Abstract: This separate reports symbols to the symbol map. 

— I 

— I Warnings: If no symbols are to be reported, this separate could 

— I be deleted. 


IOS does not access any attributes of 
the accumulator class. Report_Synv 
bols can be removed when the parti- 
tion is optimized. See the valve dass 
for an example of reported attributes. 
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Ada Unit 4 Generic_Sensor_Class Package Specification 

;er.eri: 

type L:ad_Uni ts is digits <>; 
eyre Mor._Oim_Vni ts :s digits <>; * 

type Ser.sed_Vnit s is digits <>; 

carnage r.er;: _Ser.sc r_" _ ass is 


The genenc formal parameters. The ac- 
tual parameters are specified when this 
package is instantiated 


eyre Object: is limited private; 

eyre Commands is ; 3ensor_Fai 1 , Senso r__I nco r rec c / ; ^ 

*********************** Modifiers *********************** — 


procedure 


Create {Instance 

in out 

Object ; 


Parent_Name 

in 

String ; = 

' * ; 

Nomina l_Load 

in 

Load_Uni t 

s) ; 

Request_3tate_Change (Instance 

: in out 

Object ; 


Command 

: in 

Commands ; 


Apply 

: in 

Boolean; 


Scale 

: in 

Non_Dim_Uni ts 


Bias 

: in 

Sensed_Units 

Update (Instance 

in out 

Obj ec t ; 


Power_Avai 1 

in 

Boolean; 


Sensed__Input 

in 

Sensed JJni ts } ; 


:= 1 . 0 ; 
: s 0.0) j 


t*«**t**t**»**«»**t*t* Selectors ******************** — 

function Elec_Load (Instance : in Object) return Load_Units, 
function Sensed_Output (Instance : in Object) return Sensed _Units ; 


private 


type Object is 
record 

Bias : Sensed_Units := 0,0; 

Load : LoadJJnits := 0.0; 

No mi nal_Load ; Load_Units := 0,0; 

Output _Value : Sensed_Units := 0.0; 

Scale : Non_Dim_Units : = 1.0; 

Sensor_Fai led : Boolean * = False, 

end record; 


end Generic_Sensor_Class ; 


The sensor may be com- 
manded to fail or read in- 
correctly. 


Note that the 
remaining por- 
tion of tie pack- 
age specifica- 
tion is Identical 
to a normal 
(non-generic) 
package specifi- 
cation 


--1 Abstract: This package provides a real time simulation of a class 
— i of generic sensors. 

— I Warnings: pragma Inline used in body. 


, OWQ5NAL PAGE IS 
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Ada Unit 5 Generic_Sensor_Class Package Body 

, i 

package tody Zener ; -_Sensor_C*ass is 


-- ever leaded Iperacc rs 

’unc::on *** Left : in Ncr._Dim_Ur.ics; Right : in Sensed.Umts) 
return Ser.sed.Units is 

regin 

return ( Ser.sed.Unics (Left) * Righc) ; 
end *♦*; 

pragma Inline [***); 


— Report .Symbols (used by Create) 

procedure Report .Symbols (Inscance ; in out Object, 

Parenc_Name : in String) is separate; 


Modi f iers 


procedure Create 


(Instance 
Parent_Name 
No mi nal.Load 


in out Object ; 
in String := mm ; 

in Load.Units) is 


begin 

Report_3ymboIs (Inscance => Inscance, Parent _Name => Parent _Name! ; 
I ns t a nee . No mi nal _Load := Nominal_Load ; 


end Create; 


procedure Request.State.Change 


begin 

case Command is 

when Sensor_Fail => 

Instance . Sensor.Failed 


Instance : 

: in out 

Object ; 

Command 

: in 

Commands; 

Apply 

: in 

Boolean; 

Scale 

: in 

No n_Dim_Uni ts 

Bias 

: in 

Sensed .Units 


:= Apply; 


when Sensor_Incorrect => 

Instance . Bias := Bias; 

I nstance . Scale := Scale; 


end case; 

end Request.State.Change ; 


1 . 0 ; 

0.0) is 


Default mitiaiiza- 
tion allows user 
to only pass in 
necessary data 


After next update sensor 
will output zero. 


After next update, sensor will 
output accordng to this new 
scale and bias 


procedure Update {Instance 

Power.Avai 1 
Sensed_I nput 

begin 


in out Object; 
in Boolean; 

in Sensed_Uni ts ) is 


if Power_Avail and not Instance . Sensor.Failed then 


Instance . Load 
else 


:= Instance . Nominal.Load; 


Instance .Oucput_Value := 0.0; 
Instance . Load := 0.0; 


end i.f ; 
end Update; 


Input + Instance . Bias; 1 

Sensor value af- 
fected by values 
from Request, 
State .Charge. 
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**+*♦*****»************* 


__ * *********************** * 5elec::rs 

• funcsior. Elec _Lcad : Zr.scar.ce : in Ctr'ecc: return IcadJJnics is 

cegtr. 

return Instance . -cad! ; 
end £ 1 ec _Load ; 

*»t***t******»*«****«*«*»***** , ***** t ******* tMt *** t * # ** ,t * 

function Sensed.Iutcuc -1 Instance : in Object) return Sensed JJnits is 
beg i n 

return { Instance .Outpuc_Value) ; 
end 3ensed_0utpuc ; 
end Generic_Sensor_Ciass ; 

Ada Unit 6 Generic_SensorClasa.ReportSymbols Separata Procedure 

with Symboi.Map; 

separate (Generic.Sensor.CIass) 

procedure Report .Symbols (Instance : in out Object; Parent.Name : in String) is 
begin 

-- No symbols to report 
null; 

end Report. Symbols ; 

— | Abstract: This separate reports symbols to the symbol map. 

— I 

— i Warnings: If no symbols are to be reported, this separate could 
--i be deleted. 
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Ada Unit 7 Elec_Motor_Class Package Specification 

w i - r. 3 " i _Er.g _u'n::s ; 
w i z r. r.g _T ype s ; 

.se St d_Zr.g_Unics ; 
use Sz z_Eng_7ypes ; 

pazkage Elec.Mczor.Class is 

package Seu renames Scd_Eng_Uni t s ; 
package See rer.aT.es 3td_Eng_Types ; 

-ype Object is limited private; 

type Commands is (Motor_Fail ) ; 

***«*#«•**»*#****»***•* Modifiers *****■»*■**** + **♦******** — 

procedure Create (Instance : in out Object; 

Parent_Name : in String := •*; 

Nominal_Speed : in Seu . Radians_Per_Second; 

Nomi nal_Torque : in Seu . Foot_Pound_Force) ; 

procedure Request _State_Change (Instance : in out Object; 

Command : in Commands; 

Apply : in Boolean) ; 

procedure Update (Instance ; in out Object; 

Torque : in Seu . Foot _Pound_Force ; 

Power_Avail : in Boolean); 

-- ********************** Selectors ****#t*****t******** — 

function Shaft_Outpuc (Instance ; in Object) return Seu . Radians_Per_Second; 


private 

type Object is 
record 

Nominal_Speed 
Nominal JTorque 
Shaft_Speed 
Shafts Fail 
end record; 

end Elec_Motor_CIass; 


Seu . Radians_Per_Second 
Seu . Foot_Pound_Force 
Seu . Radians_Per_Second 
Boolean 


= 0 . 0 ; 

= 0 . 0 ; 

= 0 . 0 ; 

= False; 


--I Abstract: This package provides a real time simulation of a class 

— I of electric motor. 

— I 

--I Warnings: pragma Inline used in body. 
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Ada Unit 8 Elac Motor _Class Package Body 

package tody Elec.Mc tor.CIass is 

» * t * * * * 1 1 ***»«»♦♦•******»****♦** M ***** ******’ # * * * f * * * * ’ f * * 

Cver. :aded ire razors 

:mc::;r *♦* Left : Seu . Radians.Per.3ec ond ; Right : Seu .Mcn.Di mensionai) 
return Seu . Radians .Per.Secorid is 

begin 

return Seu . Rad iar.s.Per .Second (Sec.ReaI_6 (Left) * Set.Real.6 (Right)}; 

end 


pragma Inline (***); 

**********★*****♦********+********************************* 


__ Report. Symbols (used by Create) 

procedure Report .Symbols (Instance : in out Object; 

Parent.Name : in String) is separate; 

__ ******************** Modifiers ****************************** 


procedure Create (Instance : in out Object; 

Parent.Name : in String := mm ; 

Nominal .Speed : in Seu .Radians .Per.Second; 

Nominal .Torque : in Seu . Poo t .Pound .Force) is 

begin 

Report .Symbols (Instance => Instance, Parent.Name => Parent.Name); 
— Initialize state to motor off and not failed 


Instance .Nominal. Speed 
Instance , Nominal .Torque 


No mi na 1.3 peed; 
No mi na 1 .To r que ; 


end Create; 


procedure Request .St ate. Change (Instance : in out Object; 

Command : in Commands; 

Apply : in Boolean) is 

begin 

case Command is 

when Motor.Fail => 

Instance . Shaft.Pail := Apply; 


end case; 

end Request.State.Change ; 


procedure Update (Instance : in out Ob]ect; 

Torque : in Seu . Foot. Pound.Force; 

Power.Avail : in Boolean) is 

Sf.l ; S«u. No n.Di mensionai ; 

begin 

__ Based on torque load, available power and shaft status, determine shaft speed 

if (Torque <= Instance .Nominal .Torque) and 

Power.Avail and (not Instance . Sha ft.Fail) then 

Sf.l ;= 1.0 - Seu . No n.Di mensionai (Torque / Instance .Nominal. Torque ) ; 
else 

Sf.l := 0.0; _ ... W 

f/i TT - — . 

end if; I; - 

Instance .Shaft.Speed ;= Instance .Nominal .Speed * Sf.l; 
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end Vpdate ; 

•***«**»*««*••**•***•* Selectors »*****«#t*»*t»»****«*t*t 

t-nct itn 3 ha ft_Cut put {Instance : *in Object) return See . Radians_?er_Secor.d ls 
Crr^ - 

return I Instance . 3haf c_3peed; ; 
e nd 3 ha : t _C u c p u t ; 
end 2 1 ec _Mc t o r _C 1 as s ; 

Ada Unit 9 Elec Motor_Class.Report Symbols Separate Procedure 

with Symbol _Map; 
separate ( Elec_Mccor_Class) 

procedure Report_3ymbols {Instance : in out Object; Parent_Name : in String) is 
beg i n 

— No symbols to report 
nul 1 ; 

end Report_Symbols ; 

-- I Abstract: This separate reports symbols to the symbol map. 

I 

— — i Warnings: If no symbols are to be reported, this separate could 

be deleted. 
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Ada Unit 10 Dc_Motor_Class Package Specification 

wi z r. Z 1 3 _Mc z z z _ 1 * 155 ; 
with 3 ztj£zgj:r.izs; 


use 3id_Zr.g_:r.ics ; 


package Cc_Mctcr_:iass is 

package Z~_:i3 renames Zlec.Mocor.Class; 
package Seu renames 3 1 d _c. ng_ ^ n i ~ s ; 


cype Object is limited private; 
type Commands is (Motor_?ai*) ; 

*********************** Mod i f i e r s 


*********************** — 


procedure Create (Instance 

Parenc_Name 
Max_Vol cage 
Min_Voi cage 
Nomina l_Load 
No mi na 1 _3 peed 
No mi nal_Torque 


in out Object; 
in String : = 

. n Seu. Volts; 

t n Seu. Volts; 

in Seu. Amps; 

in Seu .Radians _Per_Second; 

in Seu . Foot_Pound_Force) ; 


procedure Request _S tat exchange 


(Instance 

Command 

Apply 


in out Object; 
in Commands; 

in Boolean) ; 


procedure Update (Instance 

DeltaJTime 

Torque 

Avail_Power 


in out Object ; 
in Seu. Seconds; 

in Seu . Foot_Pound_Force; 

in Seu. Vo Its) ; 




******************** — 


function Load (Instance : in Object) return Seu. Amps; 

function Shaft_Oucput (Instance : in Object) return Seu.Radians_Per_Second; 



private 


Object is 


ecord 


21ec_Load 

Seu . Amps : = 0.0; 

Elec_Motor 

EmjZls .Object ; 

Max_Vol cage 

Seu .Volts : = 0.0; 

Min_Vol cage 

Seu. Volts := 0.0; 

Nomina l^Load 

Seu. Amps := 0.0; 

Power_On 

Boolean := False 


end record; 


end Dc_Motor_Class ; 


— I Abstract: This package provides a real time simulation of a class 
__l 0 f pc nvotors based on a simple electric motor. 

-- ! 

— i Warning*: Mon* . 


Class used within this class The DC 
Motor dass inherits the attributes and 
operations of the Electric Motor class 
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Ada Unit 11 Dc_Motor_Class Package Body 

package body Dc_Motor_Class is 

— *********************************************************** 


— Report Symbols (used by Create) 

procedure Report_Symbols (Instance : in out Object; 

Parent_Name : in String := ”") is separate; 

************************** Modifiers **************************+ 


procedure Create (Instance s 

Parent_Name s 
Max_Voltage : 
Min_Voltage : 
Nominal_Load s 
Nominal_Speed i 
Nominal_Torque : 

begin 


in 

out Object; 


in 

String : = 


in 

Seu .Volts ; 


in 

Seu .Volts ; 


in 

Seu . Amps ; 


in 

Seu . Radians_Per 

Second; 

in 

Seu . Foot_Pound_ 

Force) is 


Report_Symbols (Instance => Instance, Parent_Name => Parent_Name) ; 
Instance . MaxVoltage := Max_Voltage; 

Instance .Min_Voltage : = Min_Voltage; m — - ■ 

Instance . Nominal_Load : = NominalLoad ; 


— Create electric motor instance 

Em_C Is .Create (Instance => Instance .Elec_Motor, 

Parent_Name -> Parent_Name & " . Motor* , 
Nominal_Speed => Nominal_Speed , 
Nominal_Torque -> Nominal_Torque) ; 

end Create? 

*********************************************************** 


Create provides user spe- 
cified constants to the 
instance of the DC motor. 


procedure Request StateChange 


begin 

case Command is 


(Instance 

Command 

Apply 


in out Object; 
in Commands; 

in Boolean) is 


when Motor Fail => 


Em_Cls .Request_State_Change 


(Instance *> Instance .Elec_Motor , 
Command *> Em_Cls .Motor_Fai 1 , 
Apply => Apply) ; 


end case; 


end Request_State__Change ; 

— *********************************************************** 


procedure Update (Instance x in out Object; 

Delta_Time : in Seu. Seconds; 

Torque * in Seu . Foot_Pound_Force ; 

Avail_Power : in Seu. Volts) is 

begin 

— Motor is operational when power is: (min volts <= avail_power <* max volts) 

Instance . Power_On := ( Instance .Min_Voltage <= Avail_Power) and 

(Avail_Power <= Instance . Max_Voltage) ; 

— Determine shaft speed based on power status and torque load 

Em_Cls . Update (Instance => Instance .Elec_Motor, 

Torque =*> Torque, 

Power_Avail => Instance . Power_On ) ; 

— Return constant load if powered, otherwise return 0.0 

— NOTE: This process could be replaced by a specific function which could 

— vary the returned load based on the input voltage, torque load and 

— shaft speed. 
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if Instance . Power_On then 

Instance. ElecLoad := Instance .Nominal__Load ; 
else 

Instance .Elec_Load := 0.0; 
end if; t 

end Update; 

************************ Selectors ****************************** 

function Load (Instance : in Object) return Seu.Amps is 
begin 

return ( Instance . Elec_Load ) ; 
end Load ; 

*********************************************************** 

function Shaft_Output (Ir • mco i in Object) return Seu .Radians_Per_Seco nd is 


begin 

return ( Em__Cls . Shaf t_Output ( Instance . Elec_Motor )) ; 
end Shaft_Output ; 
end Dc Motor Class; 


Shaft_Output is an attribute of 
the Electric Motor class and is 
made available at the DC Mo- 
tor class via this pass through 
selector. 


Ada Unit 12 Dc_Motor_Class.Report_Symbols Separate Procedure 

with Symbol_Map; 
separate (Dc^Motor^Class ) 

procedure Report_Symbols (Instance : in out Object? 

Parent_Name : in String : = "") is 

begin 
null ? 

end Report_Symbols ; 

— | Abstract* This separate reports symbols to the symbol map. 

— j warnings: If no symbols are to be reported, this separate could 
— be deleted. 




V-28 




Ada Unit 13 Gear._Box_Class Package Specification 


-se St i_Eng_'Jnit s ; 
pa:'«;e iear_3cx_-*3 ss is 

package Seu renames 3td_Zng_ r Jni cs ; 
tyre Object is limited private; 
type Commands is [ 3ear_Seizure) ; 

__ *********************** Modifiers 


procedure Create (Instance : in out Object; 

Parent_Name : in String := mm ; 

Max_Torque : in Seu . Foot_Pound_Force) ; 

procedure Request_State_Change (Instance : in out Object; 

Command : in Commands; 

Apply : in Boolean) ; 

procedure Update (Instance : in out Object; 

DeltaJTime : in Seu. Seconds; 

Torque : in Seu . Foot _Pound_Force ? 

Supply_Speed : in Seu . Radians _Per_Second) ; 

**tt*«*tMt»***t****«* Selectors ******************** — 


function Torque_Load {Instance : in Object) return Seu . Foot_Pound_Force ; 
function ShaftjDutput (Instance : in Object) return Seu.Radians_Per_Second; 


type Object is 
record 

Max_Torque_Load 
Torque_Load 
3haft_Speed 
Seized 
end record; 


Seu . Foot_Pound_Force 
Seu . Foot_Pound_Force 
Seu . Radians_Per_Second 
Boolean 


0 . 0 ; 
0 . 0 ; 
0 . 0 ; 
False ; 


end Cear_Box_Class ? 


j Abstract: This package provides a real time simulation of a class 

i of gear box used for transmission of rotation speed. 

— I 

--I Warnings: None. 
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Ada Unit 14 Gear_Box_Class Package Body 

package tody 3ea r _5c x _C lass :s 

,,, t »»,t*+****tt***tt**tt»*t**«*******+** 


»tt*t««******»t»» 



— Repo rt_3ym.be Is ; ,sed by Create) 

procedure Report _3ymfccls Ir.s:arce ; in ouc „fc] ec t ; 

Parent _Nair.e : in String) is separate; 

******************** Mod fie rs ************************** 

procedure Create (Instance : in ouc Object; 

?arenc_Name : in String := 

Max.Torque : in Seu . Foot _?ound_F ore e) is 

begin 

Report .Symbols (Instance => Instance, Parenc.Name => Parenc.Name); 
Instance . Max_Torque_Load : - Max_ Torque; 


end Create; 

»**t**##t****Mt»***»*************** l * # ** t ** 4t ** ## **** t * # ** 

procedure Requesc.Stace .Change (Instance : in ouc Object; 

Command : in Commands; 

Apply : in Boolean) is 

begi n 

case Command is 

when Gear_Seizure => 

Instance . Seized := Apply; 


end case; 

end Request_State_Change ; 


procedure 

Update (Instance * 

in out 

Object ; 

Del taJTime : 

in 

Seu . Seconds; 


Torque : 

in 

Seu. Foot _Pound_Force; 


Supply_Speed : 

in 

Seu . Radians _Per_Second) 

begin 

Based on 

shaft status, determine 

shaft 

speed and torque load 


if not Instance .Seized then 

I nstance , Sha f t_Speed ;= Supply_Speed; 
I nstance -Torque_Load := Torque; 


else 

Instance . Shaft _Speed := 0.0; 

Instance .Torque _Load : = Instance .Max_Torque_Load; 

end if; 


end Update; 

.t*t****#tftt**t***»***t**** Selectors *********************** 

function Torqua.Load (Instance : in Object! return Seu.Fooc.Pound.Force is 

begin 

return ( Instance .To rque_Load) ; 
end Torque_Load; 


function Shaft_Output (Instance : in Object) return Seu .Radians_Per_3econd is 

begin 

return ( Instance . Sha ft_Speed) ; 

^ end S ha ft _Ou tgut ; 

end Gea r_Bo x^C lass; 


Ada Unit 1 5 Gear_Box_Clasa.Raport_Syinbola Separate Procedure 
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separate . 3ear_3ox_31ass ! 

crc-cedure Reccrt Symbols ' Instance : in out Cb'ect; rarenc_N*ame - ir. 3t 
ce 3 1 ' 

-- No symbols to record 


end Repc rt _3ymbc Is ; 

Acs " rac c ; This separate reports symbols co the symbol map. 

Warnings: I f no symbols are to be reported, this separate could 
be deleted. 


original page ts 
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Ada Unit 16 Driva_Unit_Class Package Specification 


wic'r. i- i.Sr.g.T'/pes : 


wi-r. 2 c_Mo-.or_::ass; 

wicr. 3ear_Bcx_:iass; 

use Scd.Er.gJTypes; 
use 3 cd_ 2 r.gJJr.ics; 

- a -< age 3rive_Unit_Ciass is 

Package Sec renames Scd_Eng_T'/pes ; 
package Seu renames otd_e.r.g_ 

cype Object is limiced private; 

,ype Commands is (Cearbox.Seizure, 
Mocor.taii! ? 


Mo output from gearbox, 

__ Mo output from motor 


Modifiers ************* 


: in out Object; 

procedure Create (Instance . in String := " m : 

Gea r bo x^Ma x_To r que in Seu.Foot_Pound_Force> ; 

procedure Request_Stace_Change ( '. in ^ Commands; 

Boolean) ; 


Apply 5 *- n 


procedure Update ! £ ° M series; 

Del talTi TC =in |-; S -r_p S ound_Force, ; 

Torque * in 


Selectors ************* 


in mhiect) return Seu. Amps; 
function Elec_Lcad (Instance : in Object) re 

i - oHprc] return Boolean; 

function Motor_Or. (Instance = Seu . R adians_Per_Second; 

function Shafc.Speed (Instance : in Object) 


private 


type Object is 

rCC Motor : Dc_Motor_Ciass. Object; 

Gear-Box . Gear Box Class^ecc; 

Mocor_Stacus s 3et.0n_0ff : = Set.Otr. 
end record; 


This dass con- 
sists of more 
than one dass. 


end Dr i ve_Uni t_Class ; 


. . real time simulation of a class 

Abstract: ^•^“^s^onsisting of an electric motor and a 

j gear box. 

— - 1 

--j Warning#: None. 


ORIGINAL PAGE R 
or POOR QUALITY 


V-32 



Ada Unit 17 Drive_Unit_Class Package Body 

package body Drive_Unit_Class is 


— Motor Data from NASA document NASA-91-1 135, "Spec for Acme Elec Motor 

— Co. Type XYZ-123A Electric Motor". 


Motor_Load : constant Seu.Amps 

Motor_Max_Speed : constant Seu . Radians_Per_Second 
Motor_Max_Torque : constant Seu . Foot_Pound_Force 
Motor_Max_Volts : constant Seu. Volts 
Motor Min Volts : constant Seu. Volts 


1.0; 

628.0; 

— 6000 rpm 

Class specific data used to 

300 . 0 ; 

create other classes during 

15.0; 


elaboration. 

8.0; 




I*********************************************************** 


— Report_Symbols (used by Create) 

procedure Report_Symbol s (Instance : in out Object; 

Parent_Name ; in String) is separate; 


************************* Modifiers 


*************************** 


procedure Create (Instance : in out Object; 

Parent_Name : in String := " " ; * 

Gearbox_Max_Torque ; in Seu . Foot_Pound_Force) is 


begin 


Data provided to class during 
elaboration to create other 
class. 


Report_Symbols (Instance => Instance, Parent_Name => Parent_Name ) ; 


Dc_Motor_Class . Create (Instance 

ParentName 
Max_Voltage 
Min_Voltage 
Nomina l__Load 
Nomina l_Speed 
Nominal_Torque 

Gear_Box_Class . Create (Instance => 

Parent_Name => 
Max_Torque -> 


end Create; 


=> Instance .Motor , 

*> Parent_Name & " . dc_motor" , 
=> Kotor_Max_Volts , 


-> Motor_Min_Volts , 

Constant data provided 
by class. 

=*> Motor_Load, “ 

*> Motor_Max_Speed, 

=> Motor Max Torque); 


Instance . Gear_Box, 

Parent Name Sr "-gear by y" r 

Data provided by class 

Gearbox_Max_Torque) ; 

create procedure. 


*********************************************************** 


procedure Request_State_Change (Instance t in out Object; 

Command : in Commands; 

Apply : in Boolean) is 

begin 

case Command is 

when Gearbox_Sei zure => 

Gear_Box_C lass . Request_State_Change 
(Instance => Instance .Gear_Box , 

Command => Gear BoxClass .Gear_Seizure, 

Apply => Apply) ; 

when Hotor_Fail => 

Dc_Motor_Class .Request_State_Change 
(Instance => Instance .Motor , 

Command => Dc_Motor_Class . Motor_Fail , 

Apply => Apply); 


end case; 

end Request_State_Change ; — " — 

***■******* + *************************♦********************** 


procedure Update (Instance i in out Object; 

Avail_Power : in Seu. Volts; 

DeltaTime : in Seu. Seconds; 

Torque t in Seu . Foot_Pound_Force) is separate; 


— ************************** 


Selectors ******************************** 
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function' Elec_Load (Instance : in Object) return Seu.Amps is 
begin 

return ( Dc_Motor_Class . Load ( Ins tance . Motor )) ; 
end Elec_Load; 

****#********#****************+*****★***+**+***+***+*****+* 

function Motor_On (Instance : in Object) return Boolean is 
begin 

return ( Instance . Motor_Status = Set. On); 
end Motor_On? 

******■*** + + ****♦ + •*********★**** + *** + **** + **★*** + ***★* + +■**** 

function Shaft_Speed (Instance : in Object) return Seu ,Radians_Per_Second is 
begin 

return (Gear_Box_Class . Shaf t_Output ( Instance ,Gear_Box )) ; 
end Shaft_Speed; 
end Drive_Unit_Class ; 

Ada Unit 18 Drive_Unit_Class.Report_Symbols Separate Procedure 

with Symbol_Map? 

separate (Drive_Unit_Class ) 

procedure Report_Symbols (Instance : in out Object; Parent_Name : in String) is 
begin 

-- No symbols to report 
null ; 

end Report_Symbols ; 


— | Abstract: This separate reports symbols to the symbol map. 

“i 

— | Warnings: If no symbols are to be reported, this separate could 
— I be deleted. 


Ada Unit 19 Drive_Unit_Class.Update Separate Procedure 

separate ( Drive_Unit_C Lass ) 

procedure Update (Instance : in out Object? 

Avail__Power : in Seu. Volts? 

Delta_Time : in Seu. Seconds; 

Torque i in Seu . Foot_Pound_Force) is 

begin 

— Update electric motor 

Dc_Motor_Class .Update 

(Instance *> Instance .Motor , 

Delta_Time ~> DeltaJTime, 

Torque «> Gear_Box_Class . Torque_Load ( Instance . GearBox ) , 

Avail_Power => Avail_Power ) ; 

— Set motor Status flag 

if Avail_Power >= 0.1 then 

Instance . HotorStatus := Set. On? 
else 

Instance .MotorStatus := Set. Off? 


end if? 
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w 


— '.'peace 3ear cox 

3ear_Bcx_CIass . Update 

:r.s:ar.cei -> Instance . 3ear_Bcx r 

7e i c a _? i me => De I c a _T i xe . 

7: :^ue => Torque, 

S^pc ly_ 3 peed => Dc_Mo cor .Class . Sha: c_Cucput ; Instance . Motor) ) ; 


Abstract: This package contains Che Drive Unit Class Updace 
procedure . 


Warnings: No r.e . 
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Ada Unit 20 Positive _Displacement_Pump_Class Package Specification 

» 


w i ;r. 




Types; 


use Sr d_2ng_U ni cs ; 
use S z z _2 r.g _Typ es ; 

package Fr s ; r ; ve _T i s c 1 a c e ment _?u mp_C lass :s 

package Seu renames 3td_Eng_Uni t s ; 
package Sec renames Std_Eng_Types ; 

cype Object is limited private; 

type Commands is ( Set_Ef f lc iency) ; 

********************** Modifiers ******* 


procedure 

Create (Instance 

: in out 

Object ; 


Parenc_Name 

: in 

String : = * m ; 


Efficiency 

: in 

Seu .Non_Dimensional : = 1.0; 


Number_Of_Pistons : in 

Integer ; 


Piston_Area 

: in 

Seu . Square_Feet ) ; 

procedure 

Request _State_Change { 

! Instance : 

Command : 

Apply : 

Efficiency ; 

in out Object; 
in Commands; 
in Boolean; 

in Seu .NonJOi mens ional : = 1 

procedure 

Update (Instance : in 

out Object; 



Stroke : in 

Seu . Feet 



Rotation : in Seu . Radians_Per_Second) ; 

__ ********************** Selectors ********************* 

f unc cion Flow (Instance : in Object) return Seu .Gal Ions _Per_Second; 
private 

type Object is 


record 


Displacement 

; Seu. Gallons 

it 

o 

o 

Efficiency 

: Seu .No n_Di mens ional 

:= 1.0 

FIow_Race 

: Seu . Gal lons_Per_Second 

; = 0.0 

To t a 1 _? i s con_Ar ea 
end record; 

: Seu . Square_Feet 

;= 0.0 

Posit i ve_Displacemenc_ 

.PumpjClass ; 




-- | Abstract; This package provides a real time simulation of a class 
-- \ of a hydraulic positive dispacement pump. 

--I 

--1 Warnings: pragma Inline in body. 
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Ada Unit 21 Positlve_Displacement_Pump _Class Package Body 

pa : <age cod y Posit: ve _C i spl acemer.c _?ump_: i ass is 
type ?evs_?er_3ecar.d is new Sec . Rea i _6 ; 


-- r ver i : ^ced operators 

fur.ction * * * ii.eft : ir. Seu . 3a 1 ions ; Right : in Revs_Per_Second) 
return Seu . 3a 1 lons_?er_Second is 


beg : n 

return ( Seu . 3a I Ions_Per_Second 'Set.Real_6 (Left) * Sec.Real_6 {Right})); 
end * * * ; 

function "* * (Left : in Seu. Gallo ns _Per_Second; 

Right : in Seu. Non_D i mens ional) 
return Seu .Gallons _Per_Second is 

begin 

return (Seu . Gal lons_Per JSecond (Set.Real_6 (Left) * Set.Real_6 (Right))}; 



end ***; 

function w * m (Left ; in Seu Square_Feet ; Right : in Integer) 
return Seu . Square_Feet is 

beg i n 

return ( Seu . Square_Feet (Sec.Real_6 (Left) * Set.Real_6 (Right))); 
end ** m ; 

function *** (Left : in Seu . Square_Feet ; Right : in Seu. Feet) 
return Seu .Cubic_Feet is 

begin 

return ( Seu . Cubic_Feet (Set.Real_6 (Left) * Set.Real_6 (Right))); 


end " * • ; 

pragma Inline '***}; 


-- Report_Synbois (used by Create) 

procedure Report_Symbols (Instance ; in out Object; 

Parent_Name : in String) is separate; 

nr******************** Modifiers *** 

procedure Create (Instance 

Parent_Name 
Efficiency 
Numbe r _0 f _P i s t o ns 
Piston_Area 

begin 

Report_Symbola (Instance => Instance, Parent_Name => Parent_Name) ; 
Instance. Ef f iciency := Efficiency; 

Instance. Total_Piston_Area ;= Piston_Area * Number _Of_Pis tons; 
end Create; 


: in out Object; 

: in String := mw ; 

: in Seu .No n_Di mens ional := 1.0; 

: in Integer; 

; in Seu . 3quare_Feet) is 


procedure Request_S tace_Change 


(Instance 

Command 

Apply 

Efficiency 


in out 
in 
in 
in 


begin 


Object ; 

Commands ; 

Boolean; 

Seu .No n_Di mens ional 


1.0) is 


case Command is 

when Set_Eff iciency => 
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it Apply “hen 

Instance . 3? fit Ler.cy ;= Er:;-::er.cy; 

* 

end if; 
er.d rase; 

end Request _State jZhange ; 

***********«************** iri, ***************** + *** + ********* 

procedure update (instance ; in out Objec*-# 

Stroke ; in Seu. Feet; 

Rotation : in Seu . Radians_Per_3econd} is 

5peed_Rps : Revs_?er_Second ? 

Cisplacement_Ft__Cubed : Seu .Cubic_Feec ; 

begin 

__ Calculate Displacement in ga “ns (1 gallon = 0.133681 cubic_feet) 

Instance .Displaceme- := 

Seu. Gallon- ({In* ;ce. l_Piston_Area * Stroke) / 0.133681); 

-- Convert rotatic to re _per_. . -ond -> 

rps = { rads/sec j * {1 rev/ 2 (pi) rads) 

Speed^Rps : = Revs_Per_3econd (Rotation * 0.159155); 

— Based on displacement, rotaional speed, and efficiency, determine flow race 

Instance . Flow_Rate : = 

( Instance .Displacement * Speed_Rps) * Instance . Efficiency, 
end Update; 

_ _ *********************** * Selectors ****************************** 

function Flow (Instance : in Object) return Seu.Gallons_Per_Second is 
begin 

return ( Instance . Flow_Rate) ; 
end Flow; 

end Posit ive_Displacement_Pump_Class; 

Ada Unit 22 Poaltlve_Dlsplac«niant_Puinp_Cla«a.Report_Syinbola Separate Procedure 

with Symbol _Map; 

separate ( Posit i ve_Displacement_Pump_Class) 

procedure Report _Symbo Is (Instance ; in out Object; Parent_Name : in String) is 
begin 

— Mo symbols to report 
null ; 

end Report_Sy«feols; 

— ! Abstract; This separate reports symbols to the symbol map. 

Warnings; If no symbols are to be reported, this separate could 
--I be deleted. 
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Ada Unit 23 Axi*l_Piston_Pump_Class Package Specification 

wi - r. c-d_£r.g_Types,- 
wi i h i c d_Sr.g JJni " s ; 

w _ - r. ? : a ::i ve_Di spla cement _?ump_Class ; 


use St c_Eng_7yres ; 
use S t o_ir.g_ . r. i - s ; 


package Ax i a 1 : 3 1 o n _? u x.p_ : lass is 


package Sec renames SCd_Eng_Types ; 
package Seu renames 3td_Eng_Unit s ; 

cype Cbjecc is limiced private; 

cype Commands is (Modi £y_Ef ficiency, 

••a******************** Modifiers ** 

procedure Creace (Inscance 

Parenc_Name 
Number _0f _P is cons 
Piston_Area 


Set_Delta_Flow) 


Commands used to 
modify state data with Re- 
quests late _C h an ge 


in ouc Object; 
in String := **; 

in Integer; 

in Seu . Square,. Feet ) ; 


procedure Reques t_Stace_Change 


(Inscance : in out 
Command : in 
Delta_Flow : in 
Efficiency : in 


procedure Update (Instance 
Press 

Rotat ion_Rate 
Stroke 


Object ; 

Commands ; 

Seu . Gallons_Per_Second := 0.0; 
Seu . Non_Dimensional : = 1.0); 

: in out Object; 

: in Seu.Psi; 

: in Seu . Radians_Per_Second; 

: in Seu. Feet) ; 


Request_State_Change 
to provide mai function and 
reset capability. 


********************** Selectors ******************** — 

function Flow (Inscance : in Object) return Seu .Gallons _Per_Second; 

function Pressure (Inscance : in Object) reCurn Seu.Psi; 

function Torque (Inscance : in Objecc) return Seu.Foot_Pound_Force; 


private 


type Object is 
record 
Bias 

Del ta_Plow 
Flow 

Loss^Flow 
Pd_Pump 
Pressure 
Scale 
Torque 
end record; 


Seu .Gallons_Per_Second : = 0.0; 

Seu .Gallons_Per_Second := 0.0; 

Seu . Gallons_Per_Second := 0.0; 

Seu . Gallons_Per_Second := 0.0; 

Posit i ve_Displacement_PumpjClass .Object ; 

Seu.Psi := 0.0; 

Seu . Non_Dimensional := 1.0; 

Seu . Foot_Pound_Force : = 0.0; 


end Axial_Pleton_Puxnp_Class ; 


Use of another dass within 
thisdass. 


Abstract: This package models a hydraulic pump which uses an 

axial piston arrangement to generate hydraulic pressure 
based on rotational speed. 


Warnings 


None . 
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Ada Unit 24 Axial _Pi«ton_Pump_Class Package Body 

tody Ax i a 1 - 3 1 o n_? u mp _C ..ass is 

*********************************************************** 


-- Cver loaded Iterators 

Function "** l,e f t : i n Seu . Non.DLmens ior.ai ; 

a.gnt : in Sea . 3a 1 Ions _?er_Seco non- 
return Sea. Sal lons.Per .Second is 

teg i n 

return ( Seu . Gal Ions .Per .Second ( Set . Rea 1.6 (Right) * Set.Reai_6 (Left})); 
end ***; 

function **' (Left : in Seu . Non-Dimensional ; Right : in Seu.Psi} 
return Seu.Psi is 

begin 

return (Seu.Psi (Set.Real_6 (Right) * Set.Real_6 (Left))); 
end **'; 

pragma Inline (***); 

__ *********************************************************** 

— Loss Flow Rate Function 

function Calc.Loss.Flow (Pressure : in Seu.Psi; 

Flow.Rate : in Seu . Gal Ions .Per.Second) 
return Seu . Gal lons.Per.Second is 

Flow.Sf : Seu.Non.Dimensional ; 

begin 

— Need function here to produce the following flow.sf's: 

Press Flow_sf 

400.0 0.001 

1690.0 0.01 

2800.0 0.10 

-- NOTE; For now, use hard coded value of 0.05 (5% loss) 

Flow.S f ; = 0.05; 
return (Flcw_Sf * Flow_Race} ; 
end Calc.Loss.FI ow; 

t^tttttMtttttuttt***************************************** 

— Calculate Torque Function 

function CalcJTorque (Speed : in Seu . Radians.Per.Second; 

Flow : in Seu . Gal Ions .Per.Second) 
return Seu . Foot.Pound.Force is 

begin 

— Need some sort of function to obtain torque based on flow rate & speed. 

— For now, uh constant value. 

return (15.0); 
end CalcJTorque; 


-- Report. Symbols (used by Create) 

procedure Report .Symbols (Instance : in out Object; 

Parent_Name : in String := **) is separate; 


Modifiers 


*************************** 


procedure Create 


begin 


(Instance 
Parent .Name 
Number.Of.Pistons 
Piston.Area 


in out Object; 
in String ;= 

in Integer; 

in Seu . Square.Feet) is 


Report .Symbols (Instance => Instance, Parent.Name = > Pa rent .Name ) ; 
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= cs : ::veJ3 1 sc 1 ac emer.c _?ump_C lass . Create 
I esc a nee => Inscar.ce . ?a_?urp, 

?arenc_NaT,e -> Parent _Nane y * . ?D_?umc * , 

Nurber_Gf _ c isccr.s => Number _0f .Pistons , 

Pisco n_Ax ea = > ?iston_Area ; 

er.r T •reace; 

****** »»************+************************************* w 


Create performed for 
dass contained within 
this dass. 


pr o ;e:-:e Request _3t ate_Change 

0 . 0 ; 

1.0) is 

Peg i n 

case Command is 

when Modi fy_Eff iciency => 


{Instance : in out Ob] ecc ; 

Command : in Commands; 

Delta_FIow : in Seu . Gal lons_Per_3econd := 

Efficiency : in Seu. Non_Di mens ional 


Posit i ve_Displacemenc_Pump_Class . Requesc_State_Change 
(Instance => Instance . Pd__Pump , 

Apply => True, 

Command => Posit! ve_Displacement_Pump_Class . Set_Ef f iciency, 

Efficiency => Efficiency) ; 


when Set_DeLta_Flow => 

Instance . Delta_Flow := Delta_Flow; 


end case; 


end Request_Stace_Change ; 


Maifuncton passed to 
dass contained in this 

dass. 


procedure Update {Instance : in out Object; 

Press : in Seu.Psi; 

Rotat ion_Rate : in Seu.Radians_Per_Second; 

Stroke : in Seu. Feet) is 

Loss_Flow : Seu .Gallons_Per_Second; 


begin 

-- Calculate pump flow based on stroke and speed. Calculate loss flow 
~ based on pump flow and system pressure. Total flow rate consists of 
-- pump flow minus loss flow plus any IOS commanded flow delta. 

Posit 1 ve_Displacement_Pump_Class . Update (Instance => Instance . Pd_Pump, 

Stroke => Stroke, 

Rotation => Rotat ion_Rate) ; 

Instance . Flow ;= Positi ve_Displacement_Pump_Class . Flow { Instance . Pd_Pump) ; 


Update other dass 
from within this 

dass. 


Los 5 _Flow := Calc_Loss_Flow (Pressure => Press, 

Flow_Rate => Instance . Flow) ; 

Instance .Plow := Instance . Flow - Loss_Flow +■ Instance . Delta_Flow; 
— Determine torque from total flow race. 


Use state data from other dass 
to calculate state data for this 
dass. 


Instance. Torque := Calc_Torque 

(Speed => Rotat ion_Rate, Flow => Instance . Flow) ; 


-- Output pressure equals input pressure. 
Instance . Pressure := Press; 


end Update; 

•**•***•*•** ••*«•**** Selectors ********************* — 

function Flow (Instance : in Object) return Seu .Gallons_Per_Second is 
begin 

return ( Instance . Flow) ; 
end Flow; 


Function returns 
dass state data 
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function Pressure [Z~s ranee ; ir. Zz 
-eg in 

return Instance . Pressure; ; 
end Pressure; 

Mttt , <vvvr . ,♦♦♦*******♦******»************♦*****♦******♦»» 

:unc::or. Torque ( lr.se -Since i in Ofc ~ ec t , re -urn -eu. 
teg 1 n 

return , instance .Torque- ; 
end Torque; 

end Axial.? iscon_?ur.p_CIass ; 

Ada Unit 25 AxiaLPiston_Pump_Class.Report_Symbol* Separate Procedure 

with 3ymboI_Map; 

separate ( Axial _Pi ston_Fump_Cl ass) 

procedure Repo rt_ Symbols (Instance : in out Object; 

Parent_Name : in String ;= **} is 

begin 

— No symbols to report 
nul i ; 

end Report_Symbois ; 
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Ada Unit 26 Actuator_Class Package Specification 

w; zr. Sz i _Er.g_Uni " s ; 
with 3td_Er,g_ Types; 

-se Std.Zng.Vnits, 
use Std_Er.g_7ypes ; 


pa r'<a ge Ac: 


.a:or_C.ass is 


package Seu renaj.es 3td_Eng_Uni : s ; 
package Sec renames 3td_Er.g_Types ; 

cype Object is limited private; 

cype Commands is (Set_Leak) ; 

******************* Modifiers ************* 

procedure Create (Instance : in out Object; 

procedure Reques t_State_Change (Instance : 

Command 
Leak_Rate : 


Farent_Name : in String 


r ) . 


in out Object; 
in Commands; 

in Seu .Gal lons_Per_Second) ; 


procedure Update (Instance 

DeltaJTime 

Pressure 


in out Obj ec t ; 
in Seu. Seconds; 

in Psi) ; 


»***t»t*»***ttt««**»** Selectors ********************* - 

function Stroke (Instance : in Object) return Seu. Feet; 


private 

type Inches_Per_Second_Squa red is new Set.Real_6; 

type Object is 
record 


Leak_Rate 

Seu .Gal Ions _Per_Second 

o 

o 

ii 

Spool_Force 

Seu . Pounds_Force 

ii 

o 

o 

Friction 

Seu . Pounds_Force 

o 

o 

II 

Spri ng_Force 

Seu . Pounds_Force 

o 

o 

II 

Accel 

I nches_Per_Second_Squared 

o 

o 

II 

Velocity 

Seu . Feet_Per_Second 

o 

o 

II 

Posit ion_L*im 

Seu . Feet 

o 

o 

II 

S wa s h_Pl a t e _Ang 1 e 

Seu . Radians 

II 

o 

□ 

Stroke 

Seu . Feet 

II 

o 

o 


end record; 
end ActuatorJDlass ; 


--I Abstract; This package provides a real time simulation of a class 
— ) of hydraulic actuators. 

— I 

-- I Warnings: None. 
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Ada Unit 27 Actuator _Class Package Body 

par :<age cr dy Acc arcr.Cass is 


*****<****»*♦* 


,**„.*,. ***** ***** * 


-- ?.epo rt Symbols ,used by Create; 


3 YTj: .-*.3 ; Instance ‘ in ouC Cb;ect; 

prc,ed^«= .re F -— /■-• ?are nt_Name : in String! is separate; 


c;. r{; .»*,**********•****♦***' 


Modifiers 


Procedure Create (Instance : in out Object; Parent _Name : in String 

' ^ Repo r t _S y mbc 1 s (Instance => Instance, Parent .Name => Pa rent .Name) 


end Create; 




Procedure Caiculate.Spcol.Force (Instance : in out Object) is 

begin 


-- NCTE : Operational details have been omitted. 


end Calculate_Spool_Force; 

_ * 

procedure CalcuIace_Accel (Instance : in out Object) is 

begin 

— NOTE: Operational details have been omitted. 


end Calculate_Accel ; 

„ * * * 

procedure Calcuiac^Frictlon^ pres8 _ Input : seu.Psi, is 

beg i n 

NOTE: Op. anal details have been omitted. 


end Calculate_Priction; 


procedure CalculateJ/elocity (Instance : in out Object) is 

begin 

— NOTE: Operational details have been omitted, 
null ; 

end Calcul*C« — Velocity; 

procedure Calculate_Posi c ion (Instance : in out Object) is 

begin 

- NOTE: Operational de. is have been omitted. 


end Calculate_Position; 

procedure C alcuiate_Swash_?late_Angle (Instance : in out Object) 

Ope raoi onal details have been omit e 
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end Oa 1 rul a:e_Swas h_?Iate_Angle ; 

i»t»»*«f*««**«tt , *«»t*******»»*»*********»*»«*****t»«t»**»t 

pr: :ea.re Ca Iculate.Sc roke (Instance : in out Ib;ect) is 

Ccj . r. 

-- mctZ: Operational derails have teen omit red. 
end Cal :uiace_3c rtke ; 


procedure CalcuLate_Adj uscment^Spring (Instance : in out Object) is 
begin 

-- NOTE: Operational details have been omitted, 
null; 

end Calculate_Adj us t mer.t _Sp r i ng ; 


procedure Request_S tat exchange (Instance : in out Object; 

Command : in Commands; 

Leak_Rate : in Seu . Gal lons_Per_Second) is 

begin 

case Command is 

when Set_Leak => 

I ns t a nee . Leak__Rate := Leak_Rate; 
end case; 

end Request_State_Change; 


procedure Update (Instance : in out Object; 

DeltaJTime : in Seu. Seconds; 

Pressure : in Psi) is 

Total_Force : Seu . Pounds_Force ; 

begin 

Calculate_Friction (Instance => Instance, Press_Input => Pressure); 

CaIculate_Adj ustmenc_Spring (Instance => Instance); 

Calculate_Spoo l_Force (Instance => Instance) ? 

Total_Force := Instance . Spool_Force - 

Instance . Spring_Force - Instance . Friction; 

Calculate_Accel (Instance => Instance) ; 

Calculate_V«locity (Instance => Instance); 

Calculate_Posi tion (Instance => Instance) ; 

Calculat«_S*aah_Plate_Angle (Instance => Instance); 

Calculate_Stroke (Instance => Instance); 

end Update; 

— ************************ Selectors ******************* 

function Stroke (Instance : in Object) return Seu. Feet is 
begin 

return { Instance . Stroke) ; 
end Stroke; 

end Ac tuacor_Class ; 

Ada Unit 28 Actuator _Claaa.Report_Symbola Separata Procedure 
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wit r. 5 y txc 1 _Ma p ; 
secarace ; Actuator ass : 

t 

procedure Re po r t _o ynbc 1 3 I Instance : i n out Ofc;ecc; Parent _N T arre : ir. .String; 
teg: - 

-- No symbols to report 
null ; 

e r.d Repo r t y nbc 1 s ; 

Abstract: This separate reports symbols to the symbol map. 

-- \ Warnings: If no symbols are to be reported, this separate could 
-- I be deleted . 
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Ada Unit 29 Centrifugal Pump.Class Package Specification 

t 

w:; r. 3~.z_Z r.g _ Jm c s ; 
w-. _r. 3zz_Z r.g _? ypes ; 


.5c i _Z r.g_v mis , 

.se S c d _Z r.g _T ypes; 

carnage Cent n :ugai_?ump_Class is 


parloge Seu rer.axes Std_5ng JJnits ; 
package Sec renames Std_Eng_Types ,* 

cype Objecc Ls limited private; 


********************** 


di f ie^s '»*********************** — 


prccedu re Create (Instance : in out Objecc; Parent_Name : in String) ; 


procedure Update (Instance 

Delta JTi me 
Supply_Speed 
Fluid_Avail 
Cons umed_F low 


in out Object; 
in Seu. Seconds; 

in Seu . Radians _Per_Second; 

in Boolean; 

in Seu . Gallons_Per_Second) ; 


•»**«ttt**tt**»**t**«* Selectors ********************* -- 

function Torque (Instance : in Object) return Seu . Foct_Pound_Force ; 
function Pressure (Instance : Object) return Seu.Psi; 

function Co ns umed__Flow (Instance : Object) return Seu.Gallons_Per_Second; 


private 

type Object is 


record 


Torque : 

Seu . Foot_Pound_Force 

:= 0.0 

Press : 

Seu - Psi 

:= 0.0 

Flow : 

Seu. Gal Ions _Per_Second 

ii 

o 

o 

end record; 




end Cent ri f uga!_Pump_Class ; 


— ! Abstract: This package provides a real time simulation of a class 
— i of hydraulic centrifugal pumps which pressurize fluid 

— i based on input shaft rotation speed. 

-- i 

--I Warnings: None. 
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Ada Unit 30 Centrifugal J>ump_Class Package Body 

par<age body Cent n fugal .Pumper lass is 


-- Report Symbols . used by Create'* 

procedure Report .Symbols I Instance : in out Object; 

Parent _Na me : in String := "i is separate; 

* ***** * Modifiers ************************** 

procedure Create [ Instance : in out Object; Parent_Name ; in String! is 
begin 

Report .Symbols [Instance -> Instance, Parent_Name => ?arent_Name) ; 
end Create; 


procedure Update (Instance 

OeltaJTime 
Supply .Speed 
Fluid.Avail 
Cons umed.F lew 

begin 


in out 

Obj ect ; 

in 

Seu . Seconds ; 

in 

Seu . Radians _Per_Second ; 

in 

Boolean; 

in 

Seu .Gal Ions .Per.Second) is 


-- Set flow rate consumed for output 


Instance . Plow ;= Consumed.Plow; 

— Function needed to convert supply speed, fluid availability and 
-- delta time into pressure. 


Instance . Press := 0.0; 

— Function needed to convert supply speed, fluid availability and 
-- delta time into torque. 


Instance .Torque : = 0.0; 


end Update; 

************************* Selectors ************************ 

function Torque (Instance : in Object) return Seu . Foot_Pound_Force is 
begin 

return ( Instance .Torque) ; 


end Torque; 


function Pressure (Instance : Object) return Seu.Psi is 
begin 

return { Instance . Press) ; 
end Pressure; 


function Conau»d_Flow (Instance : Object) return Seu . Gallons.Per.Second is 
begin 

return ( Instance . Flow) ; 
end Consumed.Plow; 
end Cent ri fugal.Pump .Class ; 


Ada Unit 31 CentrifugaLPumpClass.ReportSymboU Saparata Procedure 

with Symbol _Map; 


separate ( Cent r if ugal.Pump .Class) 

procedure Report .Symbols (Instance 

Parenc.Name 


begin 


in out Object; 
in String := *■) is 


ONQiNAL PAGE IS 
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I 

e r. d 'epo r “ _S ymfco 1 s ; 

Ars~T 3 cc: 7\,.s separate reporcs symbols co cbe symbol map . 

Warr.ir.gs: : : no symbols are co be repcrced, chis separate could 
ce ieleced. 
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Ada Unit 32 Hydraulic_Pump_Class Package Specification 

wi cr. Actuator.IIass ; 
w:;h Ax 1 3 L _? i see r._ Pump .ass ; 
wi - r. Sent r : : uga 1 _?urrp_:i ass; 
with Random; 


with 3td _Sng _Typ e s ; 
wi-r. 3td_Sng_"nit5; 


use Std_Sng_Types ; 
use 3 c-dt Er.g — Unic s ; 


package Hydraulic_?u mp_Class is 

package Sec renames Scd_Eng_Types ; 
package Seu renames 5td_Eng_ r Jnics ; 

type Objecc is limited private; 

cype Comjnands is (Compensacor_Fail , 
Modi fy_Flow_Rate, 
Pump_Fail) ; 


-- Erratic pressure flow from pump 

— Scale pump flow race 

— No flow when pump is driven 


__ *********************** Modifiers 


*********************** — 


procedure Create (Instance : in out Object; Parent_Name : in String j= **) ; 


procedure Reques t_State_Change (Instance 

Command 
Apply 
Bias 
Scale 


procedure Update (Instance : in 

Delta_Time : in 

Fluid_Avail : in 

Shaft_Speed : in 


System_Pressure : in 


; in out Object; 

: in Commands; 

: in Boolean; 

: in Seu.Non_Dimensional := 0.0; 

: in Seu.NonJOimensional ;= 1-0); 

out Object; 

Seu . Seconds ; 

Boolean; 

Seu . Radians _Per_Second ; 

Seu . Psi) ; 


********************** Selectors ******************** — * 


function Consumed_Flow (Instance : in Object) return Seu. Gal lons_Per_ Second; 
function Output_Flow (Instance ; in Object) return Seu.Gallons_Per_Second; 
function Pump_On (Instance ; in Object) return Boolean; 
function Torque (Instance : in Object) return Seu . Foot_Pound_Force; 


private 

type Object is 
record 

Actuator 
Axial_Pump 
Centri f ugal_Pump 
Con*»n*aeor_Fai 1 
Conem—d^Flow 

Flow_ Bias 
Flow_Out 
Flow_Scale 
PresaJOelta 
Pump_Sensor_Failure 
Pump_Status 
Random_Id 
Shaft^Fail 
Shaf t_Speed 
Torque 
end record; 

end Hydraulic_Pump_Class ; 


Actuator Jllass .Object ; 
Axial_Piston_Pump_Class .Object 
Centr i f ugal_Pump_Class .Object ; 


Boolean := False; 

Seu . Gal lons_Per_Second : = 0.0; 
Seu . Galions_Per_Second : s 0.0; 
Seu .Gallons_Per_Second := 0.0; 
Seu. Non_Di mens ional ;= 1.0; 
Seu. Psi := 0.0; 

Boolean ? = False; 

Set .On_Of f i= Off; 

Random. Handle ; 

Boolean False; 

Seu . Radians_Per_Second := 0.0; 
Seu . Foot_Found_Force : = 0.0; 


Thisdass uses 
three other 
d asses. 


I Abstract: This package provides a real time simulation of a class 

of hydraulic pumps composed of an axial piston pump, an 
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Ada Unit 33 Hydraulic.Pump .Class Package Body 

package c-ody Hydra ul ; :_?ump-C lass is 

-- Pump 3a i a From SAGA iocu^er.: NASA- 9 1 - 1076 1 , *5pec tor Acne Hyc r ac I . c ? u mp 
-- Co. Type abc-4 c 6t Hydraulic Pump*. 

Num_Gf_?iscc“s : constant Integer := 5; 

3 i ng 1 e_? iston_Area : constant Seu . Square-Feet ; = 5. 4 541 BE- 3; -- I* diam 

*********************************************************** 


-- overloaded Operators 

function *** (Left : in Seu .Non_ Dimensional ; 

Right ; Ln Sec . Gal Ions _Per_3ecend) 
return Seu. Gallons— Per— Second is 

beg i n 

return Seu . Gal lor.s_Per_ Second (Sec. Real— 6 (Left) * Sec. Real— 6 (Right}); 
end ** * ; 


function *** (Left : in Seu.Psi; Right : in Seu. Non-Dimensional) 
return Seu.Psi is 

begin 

return Seu.Psi (Set.Real_6 ..eft) * Set. Peal-6 (Right)); 

end 


pray .nline (**'); 

n********************************************************** 


— Report-Symbo Is {used by Create} 

procedure Report —Symbols (Instance ; in out Object; 

Parent-Name : in String) is separate; 

-- *********************** Modifiers **************************** 

procedure Create (Instance : in out Object; Parent-Name : in String := *') 
begin 

Report —Symbo 1 s -Instance => Instance, Parent— Name => Parent— Name) ; 

Actuator-Class .Create Instance = > Instance . Actuator, 

Parent— Name => Parent— Name & *.accuat # ); 

Axia- iston-rump -Class . Create 

(Instance => Instance . Axial— Pump, 

Parent-Name => Parent-Name & * .axia 1 -pump* , 

Number— Of— Pistons -> Num_Of-?i scons , 

Piston_Area => Single-Piston_Area) ; 

Centri fuga 1-Pump -Class . Create (Instance => Instance .Centri fugal_Pump 

Parent-Name => Parent-Name & *,cenc_pump 

Random. Initialize (The_Handle => Instance .Random-Id} ; 

end Create; 


procedure R*qu*«t-State-Change (Instance 

: in 

out Object; 


Command 

; in 

Commands; 


Apply 

: in 

Boolean; 


Bias 

: in 

Seu . Non_DimensionaI 

:= 0.0; 

Scale 

: in 

Seu .Non-Dimensional 

:= 1.0) 

begin 




case Command is 




when Compensator-Fail => 




Instance .Compensat ^r-Fail := A* 




when Modi fy_Flow_Rate = > 




Instance . Flow-Scale ;= Sc3‘ 


• 


Instance . Flow_Bias := Set 

s_Per_Second (Bias) ; 
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wren Pump.-ail - > 

Instance. Shaft.Fail := Apply; 

i 

end case. 


lire Request _Stace_Cna nge ; 

tt»»*t***#«M*t***«*t««f**t**t**t**t**»t*t*t*t***M**»»t*** 


Vpda t e (Instance 

in out 

Object ; 

Cel t a .Time 

in 

Seu .Seconds ; 

Fluid.Avail 

i n 

Boolean; 

Shat t. Speed 

in 

Seu . Radians.Per.Second 

Sys t em_? ressure 

in 

Seu.Psi) is separate; 


***************************** Selectors ********************** 

tunc cion Consumed.Flow (Instance : in Object) 

return Seu . Gal lons.Per.Second is 

begin 

return Centr i f ugal.Pump.Class . Consumed .Flow ( Instance . Cencri fugal.Pump) ; 
end Consumed.Flow; 


function Output.Flow (Instance : in Object) return Seu .Gal lons.Per.Second is 
begin 

return ( Instance . Flow.Out) ; 
end Output.Flow; 


function Pump_On (Instance : in Object) return Boolean is 
begin 

return ( Instance . Pump.S tat us = Set. On); 
end Pump _0n; 


function Torque (Instance : in Object) return Seu . Foot.Pound.Force is 
begin 

return ( Instance. Torque) ; 
end Torque; 

end Hydraulic.Pump .Class ; 


Ada Unit 34 Hydraulic_Pump_Cla«a.Raport_Symbola Separata Procedure 

with Symbols; 


separate ( Hydraulic_Pump_Class) 

procedure Report .Symbols (Instance : in out Object; Parent.Name ; in String) is 


begin 


Symbols .Register (Name 

Base .Type 

Tick.Address 

Tick.Size 


Parent.Name 4 ".Flow.Out*, 
Symbols .Real 

Instance . Flow.Out ' Address, 
Instance . Flow.Out ' Size) ; 


end Reporc.Symbols ; 


-- 1 
— 1 

Abstract : 

This procedure 
hydraulic pump 

reports the flow attribute of the 
class to the symbol map. 

_ _ j 
— 1 

Warnings : 

None . 



Ada Unit 35 Hydraulic _Pump_Class.Update Separata Procedure 
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sera r ate Hydraul i : _?u:rp_Ilass 


Instance : 

1 r. tut 

1 b “ e: t ; 

Delta JTi me : 

i r. 

3eu . Seconds ; 

F*_uid_Avail ; 

in 

Boolean; 

Sha ft _3peed : 

in 

Seu . Radi a ns _i 

3ystem_?ressure : 

in 

Seu.rsi; is 


cegi n 

-- (Determine sr.a : t speed based on suppled shaft speed and shaft status, 
if not Instance. 3 ha f t _r a i I then 

Instance . Shaft _3peed := Shaft_Speed; 


else 


Instance . 3 haft _3 peed := 0.0; 


end if; 


— Update Centrifugal Pump 

Centri fugai_Pump__Cl ass .Update 

(Instance => Instance - Centri fugal_Pump, 

Del taJTime => DeltaJTime, 

Supply_Speed => Instance . Sha ft _Speed, m 

Fluid_Avail => Fluid_Avail, 

Consumed_Flow -> Axial_Piscon_Pump_Class . Flow ( Instance. Axial_Pump) ) ; 


— Calculate pressure difference between scavenge pump output pressure and 

— system pressure. Include effects of pressure compensator failure (if 
-- required) . 

Instance . Press_Delta := Syscem_Pressure - Cent ri f ugal_Pump_Class . Pressure 

( Instance .Centrifugal_Pump) ; 

if Instance . Press_De!ta <= 0.1 then 
Instance . Press_Del ta : = 0.0; 


end i f ; 


if Instance . Compensator_Fai I then 

Instance . Press_Delta : - 
Instance . Press JDelta * 

Seu.Non_Dimensional (2.0 * Random. Float_Value ( Instance . Random_Id) ) ; 


end if; 

— Update pressure compensation actuator 

Ac tuator_Class .Update (Instance => Instance . Actuator, 

DeltaJTime => DeltaJTime, 

Pressure => Instance . Press_Delta) ; 

-- Update Axial Piston Pump 

Axi a l_Piston_Pump_Class .Update 

(Instance => Instance . Axi a l^Pump, 

Press => Instance . Press_Delta, 

Rotacion_Jlate => Instance .Shaf t_Speed, 

Stroke => Actuator_Class . St roke ( Instance -Actuator) ) ; 

Instance . Plow_Out : = Axial_Piston_Pump_Class . Flow { Instance. Axial_Pump) ; 
Instance . Flow_Out ;= 

Instance . Flow_Scale * Instance . Flo w_Out + Instance . Flow_Bias ; 

Update ouput variables 

if Shaft_Speed >= 0.1 then 

Instance . Pump_Stacus : = Set. On; 
else 

Instance . Pump_Status := Set-Off; 
end i f ; 


Update of dass uses state 
variable* inputs and output 
of state from other dass. 
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-- ?ut,c :::r-e includes :en::::ugal pu~p ar.d axial piston purrp zorgue :er~s 

1 nszanze . Ter cue := Cer.cnfuga-_?urrp_C- ass .Torque 

; Instance .Cencri ?ugal_?unp: *■ # 

Axi a 1 _? i scor._?urrp_C _ ass . Torque \ * r.s t a n ter . Ax i a ~_?urnp ; 






Acs" rac z : 

This procedure 
Hydraulic Futnp 

provides the periodic update o: the 
Class . 

— ■ 

Warnings : 

No ne . 



Use of state output functions 
from other classes to deter-* 
mine state data 
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Ada Unit 36 Distribution _System_Class Package Specification 

with 3cd_2r.a_yr.its; 
wi-r. 3td_2r.g_Types; 


use 3td_Eng_Uni cs ; 
use 3 cd_Sr.g_?ypes ; 

:a:<a;e Gist r ibut ion_3ys cem_Class :s 

package Seu renames 5c c_Er.g_Jnic»; 
package Sec renames 3 ca_Eng_Types ; 


cype Objecc is limited private; 
type Commands is 'Sec_Leak] ; 

***»*HtM*t***o#H**« Modi f iers 


*********************** — 


procedure Create (Instance : in out Objecc; 

Parent_Name : in String ; = mm ; 

Press jCo ns t : in Seu . Non_Dimensional } ; 

procedure Request _Stac exchange (Instance : in out Object; 

Command ; in Commands; 

Apply 1 in Boolean; 

Leak_Rate : in Seu . Gal Ions _Per_Second ;= 

0.25); — 15 gal per min 


procedure Update 


I nstance 

in out 

Object ; 

DeltaJTime 

in 

Seu . Seconds ; 

Consumed_Plow 

in 

Seu . Gallons_Per_Second; 

Supply_Flow 

in 

Seu . Gal lons_Per_Second) 


********************** Selectors ******************** — 

function System_Pressure (Instance : in Object) return Seu.Psi 


privace 

cype Object is 
record 

Leak_Race : Seu .Gallons_Per_Second 

Sys jConsc ant : Seu . Non_Dimens ionai 

Sys_Pressure : Seu.Psi 
end record; 

end Discribution_Syscem_Ciass; 

-U Abstract : This package models the system of pipes which distribute 

I hydraulic fluid between components. 

--1 

I Warnings: pragma Inline used in body 


= 0.0 
s 0.0 
* 0.0 
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Ada Unit 37 Distribution .System _Class Package Body 

package tody Disc r ibut Lon_Syscem_Ilass is 

__ Overloaded Operators ********************* 

function •** ^ eft : in Seu .Non_Dimensional ; 

Rijr.c : in Seu.3alIons_Per_Secondl 
return Seu . Da i lcns_?er_Second is 

cegin 

return Seu . Sail ar.s_Per_Second (3et.Real_5 {Left; * 3et.Real_6 (Right)); 
end * * * ; 

pragma Inline (***}; 


-- Report Symbols (used by Create) 

procedure Report_Symbols (Instance : in out Object; 

Parent_Name : in String := •') is separate; 

__ ************************** Modifiers ********************************* 

procedure Create (Instance : in out Object; 

Parent_Name ; in String := mm ; 

Press_ConSt : in Seu .Non_Dimensional ) is 

begin 

Report_Symbols (Instance => Instance, Parent_Name => Parent_Name) ; • 
Instance . SysjConstant := Press_Const ; 
end Create; 


Register state data with 
symbol map tor use by 
IQS. 


procedure Request _S tat e_Change 


(Instance 

in out 

Obj ect ; 

Command 

in 

Commands; 

Apply 

in 

Boolean; 

Leak_Rate 

in 

Seu.Gallons_Per_Second := 0.25} is 


begin 

case Command is 

when 3et_Leak => 
if Apply then 

Instance . Leak_Rate := Leak_Rate; 
else 

Instance . Leak_Rate ;= 0.0; 
end i f ; 
end case; 

end Requeet_jS tat exchange ; 


procedure Update (Instance 

Delta_Time 

Consumed_Flow 

Supply_Flow 


in out Object; 
in Seu. Seconds; 

in Seu . Gal ions_Per_Second; 

in Seu.Gallons_Per_Second) is 


Total_Flow : Seu . Gal lons_Per_Second; 
Delta_Press : Seu.Psi; 


begin 

-- Determine pressure change by flow rate into/out of system multiplied by 
— system constant . 

Total_Flow := Supply_Flow - Consumed_Flow - Instance . Lea k_Rate ; 

Del ta_Press := Seu.Psi ( Instance . Sys_Constant * Total_Flow) ; 
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ace r.ew system 


-- laic u lace r.ew system pressure. 

Instance - Sys.Pressure := I nscance .3ys. Pressure 
er.d Veda re ; 

******* * **** * ***** ******* * Selectors ************ 



Oelta.Press ; 


tuner ion System.? res sure [Instance : in Cb;eccJ return Seu.Psi is 
beg i r. 

return : Instance . Sys .Pressure) ; 
end 3ysrem_?ressure ; 
end Discribut ic- n.S y s tern _C lass; 


Ada Unit 38 Distribution _Systefn_Class.R«port_Symbols Separate Procedure 

with Symbols; 

separate (Dist r i but ion.System.Class) 

procedure Report. Symbols (Instance i in out Object; 

Parent.Name : in String := *•) is 


begin 


Symbols .Register 


(Name 
Base .Type 
Tick.Address 
Tick.Size 


=> Parent.Name & * . System.Pressure* 
-> Symbols . Real , 

= > Instance . Sys. Pressure' Address, 

=> Instance . Sys.Pressure' Size); 


end Report .Symbols ; 


Class state data rags- 

tered with symbol map for 
use by IOS. 


--i Abstract: This procedure reports the system pressure attribute of 
__i the distribution system class to the symbol map. 

— 1 

-- l Warnings: None 




Ada Unit 39 Generic Reservoir Class Package Specification 


-.'/re Vc LumeJJnits is digits <>; 

-yre Vc 1 _Ra t e _Ur. i c s is digits <>; 

-yre Time_Uni ts is digits <>; 

Max_lea<_Rate : in Vc 1 _Ra ce_ T Jni t s ; 

package Der.er it _Reservc i r_Class is 

type Object is Limited private; 

type Co rrana rids is { Leak_Mai function, Set^jQty) ; 

__ *********************** Modifiers *********************** - 

procedure Create (Instance : in out Object; 

Parent _Name : in String : = **; 

Init_Qty ; in VolumeJJni ts) ; 

procedure Reguesc^ State_Change (Instance : in out Object; 

Command : in Commands; 

Quantity : in Volume __Units : = 0.0); 

procedure Update (Instance : in out Object; 

Del ta JTime : in TimeJJnitS; 

Consumed_Rate : in Vol_Rate_Units ; 

Re c urned_Ra te : in Vol_Rate_Units) ; 

— »*tMt*»**«******t**** Selectors ******************** — 

function Fluid_Avail (Instance : in Object) return Boolean; 

function Quantity (Instance : in Object) return Volume_Uni ts ; 

private 

type Object is 
record 

Fluid_Avai 1 
Qty 

Leak_Rate 
end record; 

end Generic_Reservoi r_Class ; 


Boolean ;= False; 

Volume_Units := 0.0; 
Vol_Race_Unics := 0.0; 


Totally gerenc dass No dependence 
on SEU/SET This could be instan- 
tiated in English or metric units. User 
needs to ensure units are compatible 


Abstract: This package provides a real time simulation of a class 
of hydraulic reservoirs. 

Warnings: This class should be instantiated with compatiable units 
(i.e. gallons, gallons_per_sec & seconds) to prevent 
incorrect calculations. 


W 
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Ada Unit 40 Generic_Reservoir_Class Package Body 

, i 

package body Oenen z _Reservc ir_C-ass * s 

*♦*♦+**♦***»**+***********************♦+******************* 


-- Overloaded Operators 

function * ,f Left : Vc 1 _Rate_Vnics ; Right : TlT.e_Vr. 1 t 5 ; 
return Voiume_’Jni ts is 

begin 

return { Vol ume_7ni ts (Left) * Vol ume JJni cs (Right)); 
end * * * ; 

*********************************************************** 

-- Report_Symbols (used by Create} 

procedure Report_Symbo Is {Instance : in out Object; 

?arenc_Mame : in String) is separate; 

— ******************** Modifiers ************************** 

procedure Create (Instance : in out Object; 

Parent_Name : in String : = mm ; 

Init_Qty : in Volume_Units) is 

begin 

Report _Synbc Is (Instance => Instance, Parent_Name => Parent_Name) ; 
Instance.Qty := Init_Qty; 

Instance . Fluid_A vail ;= (Instance.Qty > 0.0); ^ 

end Create; 


procedure Request_5tate_Change (Instance : in out Object; 

Command : in Commands; 

Quantity : in Volume_Units := 0.0) is 

begin 

case Command is 

when Leak_Mal function => 

if Instance . Leak_Rate >= 0.0 then 

Instance . Leak_Rate := Max_Leak_Rate ; 
else 

Instance . Leak_Rate :s 0.0; 
end i f ; 

when Set_Qty -> 

Instance.Qty := Quantity; 
end case; 

end Requeet_State_Change; 


Stale variable based 
on input parameters 
from tile procedure. 


procedure Update (Instance 

Delta_Time 

Consumed_Race 

Returned_Rate 


in out Object; 
in Time_Units; 

in Vol_Rate_Units ; 

in Vol_Rate_Units) is 


DelcajQty : VoiumeJJni ts ? 
begin 

Delta_Qty := (Returned_Rate - Consumed_Rate) * Delta_Time; 


Instance.Qty : = Instance.Qty * Delta_Qty; 


OWaiNAL PAG€ fs 
OF POOR QUALITY 


if Instance.Qty <= 0.0 then 
Instance.Qty := 0.0; 
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end if; 

Instance .Fluid_Avail := not ( Instance . Qty <- 0.0); 


end Update; 

* ********************** * Selectors **************************** 

function Fluid^Avail (Instance : in Object) return Boolean is 
begin 

return (Instance , Fluid_Avail) ; 
end Fluid_Avail; 

******★****★****★********★*■***"**★***★★*******★**★********** 

function Quantity (Instance : in Object) return Volume_Units is 
begin 

return ( Inst ance .Qty) ; 
end Quantity; 

end Generic Reservoir Class; 


Ada Unit 41 Generlc_Reservolr_Class.Report_Symbols Separate Procedure 

with Symbols; 

separate (Generic_Reservoir_Class) 

procedure Report_Symbols (Instance : in out Object; Parent_Name : in String) is 
begin 

Symbols . Regi ster (Name => Parent_Name £ * .Quantity"", 

Base_Type **> Symbols .Real, 

Tick_Address *> Instance .Qty r Address, 

Tick_Size => Instance .Qty 7 Size) ; 

end Report_Symbols; 


-- t Abstract: This procedure reports the quantity attribute of the 
-- [ reservoir class to the symbol map. 

— I 

— I Warnings: None. 
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Ada Unit 42 Valve_Class Package Specification 

with Std_Eng_Types; 
with Std_Eng_Unit s; 

use Std_Eng_Types; 
use Std_Eng_Unit s; 

package Valve_Class is 

package Set renames Std_Eng_Types; 
package Seu renames Std_Eng_Units; 


type Object is limited private; 

type Commands is (Initialize, Freeze_Valve) ; 

__ **** ****************** * Modifiers *********************** -- 


procedure Create (Instance : in out Object; Parent_Name : in String 

procedure Request_State_Change (Instance : in out Object; 

Command : In Commands; 

Apply : in Boolean) ; 


procedure Update (Instance ; 

Close_Cmd : 
Open_Cmd : 
Pressure : 
Power : 
Flow Rate : 


in out 

Object ; 

in 

Set ,On_Of f ; 

in 

Set .On__Of f ; 

in 

Seu .Ps i; 

in 

Seu .Volts ; 

in 

Seu .Gal lonsPer Second); 




"") ; 


function Pressure (Instance : In Object) return Seu.Psi; 

function Flow_Rate (Instance : in Object) return Seu .Gallons_Per_Second; 
function Elect rical_Load (Instance : in Object) return Seu. Amps; 
function Ful l_Closed (Instance : in Object) return Boolean; 
function Full_Open (Instance : in Object) return Boolean; 
private 

type Positions is (Open, In_Transit ion, Closed) ; 


type Object is 
record 

Electrical_Load : Seu. Amps := 0.0; 

Flow Rate : Seu . Gal lons_Per_Second := 0.0; 

Movement_Ef f iciency ; Seu .Non_Dimensional := 1.0; 

Power : Seu. Volts : = 0.0; 

Position : Positions := Closed; 

Pressure ; Seu.Psi :* 0.0; 

end record; 


end Valve Class; 


-- | Abstract: This package provides a real time simulation of a class 
— | of hydraulic valves. 

--I 

--I Warnings: None. 
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Ada Unit 43 Valve_Class Package Body 

package body Valve_Class is 

__ *********************************************************** 

-- Report__Symbols (used by Create) 

procedure Report_Symbols (Instance : in out Object; 

Parent_Name : in String) is separate; 

__ *********************** Modifiers *********************** -- 

procedure Create (Instance : in out Object; Parent_Name : in String := 

begin 

Report Symbols (Instance => Instance, Parent_Name => Parent_Name) ; 
end Create; 

*********************************************************** 


procedure Request__State_Cbange 


(Instance 

Command 

Apply 


in out Object; 
in Commands; 

in Boolean) is 


begin 

case Command is 

when Initialize => 

Instance .Pressure 
Instance . Flow_Rate 
Instance .Power 
Instance . Elect rical_Load 
Instance. Position 


0 . 0 ; 

0 . 0 ; 

0 . 0 ; 

0 . 0 ; 

Closed; 


when Freeze Valve => 


if Apply then 

Instance .Movement__Ef f iciency 
else 

Instance . Movement_Ef f iciency 
end if; 


0.0; — freeze valve 

1.0; — unfreeze valve 


end case; 


end Request_St ate_Change; 




procedure Update (Instance 
Close_Cmd 
Open_Cmd 
Pressure 
Power 
Flow_Rate 

begin 


in out 

Object; 

in 

Set .On_Of f ; 

in 

Set .On_Of f ; 

in 

Seu .Ps i; 

in 

Seu .Volts; 

in 

Seu. Gallons Per Second) 


-- NOTE: 


Valve 


operation details have 


been omitted 


Instance .Pressure 
Instance .Power 
Instance ,Flow_Rate 
Instance .Position 


Pressure; 

Power; 

Flow_Rate; 

Open; 


end Update; 

__ ********************** Selectors ******************** -- 

function Pressure (Instance : in Object) return Seu.Psi is 
begin 


return Instance .Pressure; 


end Pressure; 
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function Flow_Rate (Instance : in Object) return Seu .Gal lons_Per_Second is 

begin 

return Instance . Flow_Rate ; 
end Flow_Rate; 

*********************************************************** 

function Elect rica l_Load (Instance : in Object) return Seu. Amps is 
begin 

return Instance ,Electrical_Load; 
end Elect rical_Load; 

__ ★ ***■*******■*■******'***************************************** 

function Full_Closed (Instance : in Object) return Boolean is 
begin 

return (Instance .Posit ion » Closed); 
end Full_Closed; 

*************************************************************** 

function Full_Open (Instance : in Object) return Boolean is 
begin 

return ( Instance .Pos it ion * Open); 
end Full_Open; 
end Valve_Class; 

Ada Unit 44 Valve_Class.Report_Symbols Separate Procedure 

with Symbols; 
separate (Valve_C lass) 

procedure Report_Symbols (Instance : in out Object; Parent_Name : in String) is 
begin 

Symbols. Register (Name => Parent_Name & " r .Position", 

Base_Type = > Symbols . Enum, 

Tick_Address => Instance .Posit ion' Address, 

Tick_Size => Instance .Posit ion' Size) ; 

end Report_Symbols; 

— | Abstract: This procedure reports the position attribute of the 
--{ the valve class to the symbol map. 

— I 

— | Warnings: None. 






Ada Unit 45 Elec_Sys_lntfc_Defs Package Specification 

with Dis; 
with Orvc__Defs; 
with $td_Eng_Types; 
with Std_Eng_Unit s ; 


use Std_Eng_Types; 
use 5td_Eng_Unit s; 

package Elec_Sys_Int f c_Def s is 


package Set renames Std_Eng_Types; 
package Seu renames Std_Eng_Unit s; 


— Circuit Breaker idents from NASA Space Station System Schematic, 

— Document NASA-SS-911-1234 . 


type Cb_Ids is 


(Cb_1021_001, 

Cb_1021_002, 

Cb_1021J>03, 

Cb_1021_004 , 

Cb_l022_001, 

Cb_1022_002, 

Cb_1023_001, 

Cb_1023_002, 

Cb_1031_001, 

Cb_1032_001,. 

Cb_1033_001, 

Cb_1033_002, 

Cb 1033_003) ; 


Hyd Sys Motor Power sys 1 

Hyd Sys Motor Power sys 2 

Hyd Sys Motor Relay Power sys 1 

Hyd Sys Motor Relay Power sys 2 

Hyd Sys Isolation Valve Power sys 1 

Hyd Sys Isolation Valve Power sys 2 

Hyd Sys Pressure Sensor Power sys 1 & sys 2 

Hyd Sys Quantity Sensor Power 

Landing Light Power 

Windshield Wiper power 

UHF Radio Power 

VHF Radio Power 

Radio Control Panel Indicator power 


type Elec_Power is 
record 

Power : On_Off; 

Voltage : Volts; 
end record; 

type Cb_Power is array (Cb_Ids) of Elec_Power; 

******************************************************************** 

— Electric Power Messages -> Power provided to consumers - one to many 
******************************************************************** 


type Elec_Power_Msgs is 
record 

Cb ; Cb_Power; 
end record; 

type Elec_Power_Msg_Ptr s is access Elec_Power_Msgs / 
Elec_Power_Msg_Size : constant Integer := Elec_Power_Msgs' S ize ; 

— message identifiers 

Elec Power_Msg_Id : constant Dis .Message_Id := 

Dis .Register_Message {Parent => Orvc_Def s . Electrical_System, 

Name => *Elec_Power_Msg_ID", 

Bits -> Elec_Power_Msg_Size) ; 

******************************************************************** 

— Electric Load Messages -> Load returned from consumers - many to one 
******************************************************************** 


type Elec_Load_Msgs is 
record 

Cb : Cb_Ids; 

Load : Seu. Amps; 
end record; 

type Elec_Load_Msg_Ptrs Is access Elec_Load_Msgs ; 

Elec_Load_Msg_Size ; constant Integer := Elec_Load_Msgs' Size; 

-- message identifiers 

Elec_Load_Msg_Id ; constant Dis .Message_Id 

Dis .Register_Message (Parent => Orvc_Defs .Electr Ical_System, 


V-65 




Name => "E lec_Load_Msg_ID", 

Bits => Elec_Load_Msg_Size) ; 


end Elec_Sys_Int fc_Def s; 


— 1 
— 1 

Abstract : 

This package contains the Electrical System Interface 
Definition types. 

j 

— 1 

Warnings : 

None . 


Ada Unit 46 Hyd_Control_Panel_lntfc_Defs Package Specification 

with Dis; 
with Orvc_Defs; 

with Std_Eng_Types; 
with Std_Eng_Units; 

use Std_Eng_Types; 
use Std_Eng_Unit s; 

package Hyd_Cont rol_Panel_Int fc_Def s is 

package Set renames Std_Eng_Types; 
package Seu renames Std_Eng_(Jnit s; 

__ ****** ************** *************************************** 

-- Motor Command Messages -> Output to Hyd Sys Electric Motors 
*********************************************************** 


type Motor_Cmd_Msgs is 
record 

Motor_Cmd : Set.0n_0ff; 
end record; 


type Mo t or_Cmd_Msg_P t r s is access Motor_Cmd__Msgs; 


Motor_Cmd_Msg_Size : constant Integer 
Motor_Cmd_Msgs ' Size; 

— message identifiers 

Sys_l_Motor_Cmd_Msg_Id : constant Dis .Message_Id :* 

Dis. Register Message (Parent -> Orvc_Def s .Hydraulic_Control_Panel , 
Name => ' r Sys_l_Motor_Cmd_Msg_ID", 

Bits => Motor_Cmd_Msg_Size) ; 


Sys_2_Motor_Cmd_Msg_Id : constant Dis .Message_Id := 

Dis .Register_Message (Parent => Orvc_Def s .Hydraulic_Control_Panel, 
Name => ' r $ys_2_Motor_Cmd_Msg_ID" , 

Bits *> Motor_Cmd_Msg_Size) ; 

************************************************************ 

— Valve Command Messages -> Output to Hyd Sys Isolation Valves 
************************************************************ 


type Valve_Cmd_Msgs is 
record 

Vlv__Close_Cmd : Set.0n_0ff; 
Vlv_Open_Cmd : Set.OnjOff; 
end record; 


type Va 1 ve_Cmd_Msg_P t r s is access Valve_Cmd_Msgs; 


Valve_Cmd_Msg_S ize : constant Integer 
Valve_Cmd_Msgs' Size; 


— message identifiers 


Sys_l_Va 1 ve_Cmd_Msg_Id 
Dis . Reg ister_Mes sage 


: constant 
(Parent => 
Name => 
Bits => 


Dis .Message_Id :* 

Orvc_Def s . Hydraul ic_Control_Panel , 
' r Sys_l_Valve_Cmd_Msg_ID /r # 
Valve_Cmd_Msg_$ize) ; 


Sys_2_Valve_Cmd_Msg_Id 
Dis .Register_Message 


: constant Dis ,Message_Id :* 

(Parent => Orvc_Def s .Hydraulic_Control__Panel, 
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Name 

Bits 


-> w Sys_2_Valve_Cmd_Msg_ID", 
=> Valve_Cmd_Msg_Size) ; 


end Hyd_Control_Panel_Intfc_Defs; 


--I 
— 1 

Abst ract : 

This package contains the Hydraulic Control Panel 
interface type definitions. 

“* \ 
— 1 

Warnings : 

None . 


Ada Unit 47 Hyd_Sys_lntfc_Defs Package Specification 

with Dis; 
with Orvc_Defs; 
with Std_Eng_Types ; 
with Std_Eng_Unit s ; 

use Std_Eng_Types; 
use Std_Eng_Unit s; 

package Hyd_Sys_Int fc_Def s is 

package Set renames Std_Eng_Types ; 
package Seu renames Std__Eng_Units ; 

__ ************************************************************* 

— Aural Cue Messages -> output to Aural cue system for sounds 
************************************************** ********* 

type Aural_Cue_Msgs is 
record 

Pump_Noise_Sys_l : On_Off; 

Pump_Noise_Sys_2 : On_Off; 

Motor_Noise_Sys_l : On_Off; 

Motor_Noise_Sys_2 : On_Off; 
end record; 

type Aural_Cue_Msg_Pt rs is access Aural_Cue_Msgs; 

Aural_Cue_Msg_Size : constant Integer 
Aural_Cue_Msgs' Size; 

-- message identifiers 

Aural_Cue_Msg_Id : constant Dis .Message_Id :* 

Dis .Register_Message (Parent => Orvc_Def s . Hydraul ic_System, 

Name => ' r Aural_Cue_Msg_ID w , 

Bits => Aural_Cue_Msg_Size) ; 

******************************************************************** 

— Hyd Sys Pressure Messages -> System Pressure provided to consumers 
**************************************************** **************** 

type Hyd Sys Press Msgs Is — one to many -> output to consumers 

record 

Press : Seu.Psi; 
end record; 

type Hyd_Sys_Press_Msg_Ptrs is access Hyd_Sys_Press_Msgs; 

Hyd_Sys_Pres3_Msg_Size ; constant Integer :* 

Hyd_Sys_Press_Msgs' Size; 

-- message identifiers 

Sys_l_Press_Msg_Id : constant Dis . Message_Id ;= 

Dis.Registe r_Me s s age (Parent => Orvc_Def s . Hydraulic_System, 

Name -> ' r Sys_l_Press_Msg_ID' r , 

Bits => Hyd_Sys_Press_Msg_Size) ; 

Sy s_2_P res s_Msg_Id ; constant Dis .Message_ld 

D i sTReg I st er_Me s s age (Parent *> Orvc_Def s . Hydraulic_System, 

Name => ' r Sys_2_Press_Msg_ID /r , 

Bits »> Hyd_Sys_Press_Msg_Size) ; 

__ *********************************************************** 

— Hyd Sys Flow Messages -> Flow rates returned from consumers 
__ * ********************************************************** 
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— many to one -> returned by consumers 


W 



type Hyd_Sys_Flow_Msgs is 
record 

Press_Flow : Seu .Gallons_Per_Second; 

Return_Flow : Seu .Gallons_Per_Second; 
end record; 

type Flow_Msg_Ptrs is access Hyd_Sys_Flow_Msgs; 

Flow Msg_Size : constant Integer := 

Hyd_Sys_Flow_Msgs' Size; 

— message identifiers 

Sys l_Flow_Msg_Id : constant Dis .Message_Id := 

dT sTReg i s t e r _Me s s age (Parent => Orvc_Def s . Hydraulic_System, 

Name => /r Sys_l_F 1 o w_Msg_ID w , 

Bits => Flow_Msg_Size) ; 

Sys_2_Flow_Msg_Id : constant Dis .Message_Id := 

Dis . Regi ste r_Message (Parent *> Orvc_Def s . Hydraulic_System, 

~ Name *> * Sys_2_Flow_Msg_ID" , 

Bits *> Flow_Msg_Size) ; 

****************************************************************************** 

-- Hyd Status Message -> Pump, Motor & Valve Status Returned to Hyd Control Panel 

****************************************************************************** 

type Hyd_Status_Msgs is — returned to hyd control pnl by hyd sys 

record 

Motor_St atus : Set.0n_0ff; 

Pump_Status : Set. On-Off; 

Valve_Sensed_Not_Full_Open : Boolean; 

Valve_Sensed_Not_Full_Closed : Boolean; 

end record; 

type Status_Msg_Ptrs is access Hyd_Status_Msgs; 

Status_Msg_Size : constant Integer 
Hyd_Status_Msgs' Size; 

— message identifiers 

Sys__l_St atus_ M sg_ Id ; constant Dis .Message_Id 

DisTRegister_Message (Parent => Orvc_Def s . Hydraul ic_System, 

Name *> "Sys_l_St atus_Msg_lD" r , 

Bits => Status_Msg_Size) ; 

Sys_2_Status_Msg_Id : constant Dis .Message_Id 

Dis . Register_Message (Parent => Orvc_Def s .Hydraulic_System, 

Name => "Sys_2_Status_Msg_ID" , 

Bits -> Status_Msg_Size) ; 

__ ****************************************************************** 

— Hyd Sys Indicator Messages -> Status returned to Hyd Control Panel 

*************************★*****★**★**■***-************************** 

type Hyd_Sys_Indicator_Msgs is — returned to hyd control pnl by hyd sys 
record 

Sys_l_Press_Indicated : Seu.Psi; 

Sys_2^Pres3_Indicated ; Seu.Psi; 

Sys_Qty_Indicated : Seu. Gallons; 

end record; 

type Hyd_Sys_Indicator_Msg_Ptrs is access Hyd_Sys_Indicator_Msgs ; 

Hyd_Sys_Indicator_Msg_Size : constant Integer :* 

Hyd_Sys_Indicator_Msgs' Size; 

— message identifiers 

Hyd_Sys_Indicator_Msg_Id : constant Dis .Message_Id := 

dTs .Register_Message (Parent -> Orvc_Def s . Hydraul ic_System, 

Name *> ' r Hyd_$ys_Indicator_Msg_ID" , 

Bits => Hyd_Sys_Indicator_Msg_Size) ; 

end Hyd_Sys_Int fc_Def s; 


— | Abstract: This package contains the Hydraulic System Interface 
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definitions . 





Ada Unit 48 Hydraullc_System_Partitlon Package Specification 

with Hyd_Control_Panel_Intfc_Defs; 
with Elec_Sys_Int f c_Def s ; 
with Hyd_Sys_Int f c_De f s; 

package Hydraulic_System_Part ition is 

end Hydraul ic_System_Part it ion; 


External partition 
interface definitions 


— | Abstract: 

— 1 
I 

This package contains the Hydraulic System Partition 
specification . 

1 

-- | Warnings: 

None . 


Ada Unit 49 Hydraullc_System_Partltlon Package Body 

with Dis; 

with Hydraulic_System_Defs; 
with Symbols; 

with Message; 
with Mailbox; 
with Generic_Model; 

with Std_Eng_Types; 
with Std_Eng_Units; 
with Orvc_Common_Types; 

with Gene ric_Reservoir jT lass; 
with Generic_$ensor_Class; 

with Accumulator_Class; 
with Distribution_System_Class; 
with Drive_Unit_Class; 
with Hydraulic_Pump_Class; 
with Valve_Class; 

use Std_Eng_Types; 
use Std_Eng_Unit s; 

package body Hydraul ic_System_Part it ion is 


SVM references 


Class references 


— Package Renames 


package Set renames Std_Eng_Types ; 
package Seu renames Std_Eng_Units; 
package Oct renames Orvc_Common_Types; 


-- Generic Instantiations 


package Pressure_Sensor_Class is 

new Generic_Sensor_Class (Load_Units *> 

Non_Dim_Unit s => 
Sensed Units 


package Quant ity_Sensor_Class is 

new Generic_Sensor_Class (Load_Units *> 

Non_Dim_Unit s => 
Sensed Units *> 


Seu . Amps, 
Seu .Non_D 
Seu .Psi) ; 


imensional. 


Instantiation of generic 
classes for data types 


Seu .Amps, 

Seu .Non_Dimensional, 
Seu .Gallons) ; 


package Hyd_Reservoir_Class Is 
new Generic_Reservoir_Class 

( Volume_Units => Seu. Gallons, 

Vol_Rate_Units => Seu .Gallons_Per_Second, «— 

Time_Units => Seu. Seconds, 

Max Leak Rate »> 0.0333333); — 2.0 gallons per min 


Generic dass instantiation 
with configuration object. 


— Local Types 






-ype Vo i t _A is array 'Coe . 3ys_l_3ys_2 ) of Seu. Volts; 

-y ce ?.px_A » s array Co c . 3 ys _ ys _2 ; oz jeu..-\pn; 

-ype ’ :-cs_A is array 10c c . Sys_i _3ys_2 ) of 3eu . Cal iGns_?er_3eccnd; 

eyre Accumulators is array ;Oct . Sys_i_Sys_2 : of Accumuiat or_Class -Object ; 
e/re 0 : se r : *»it ior_Fystems is array 'Oct . Svs_I _3ys_2 ■ or 

□ is t r i but ior._3ystem._Class .Object ; 

eyre Drive.Vnics is array ( Cct . Sys_l_3ys_2 } of Dr i ve_'Jni t_Class .Object ; 
z'/ze Is : ia: ion _Va i ve s is array ( Oc e - Sys _1 _5ys_2 } of Val ve_Class .Object ; 
eyce Fumes is array { Co e . 3 y s _ i _S y s _2 ) of Hydra u 1 ic_Purnp_^. * ass . object ; 
eype Press JCer.scrs is array 'Oct . Sys_i_Sys_2 ) of 

Pressure_3ensor_CIass .Object ; 


Types used 
intemaJly only by 
this partition 


— Message Pointers 


— Outpurs 

Cb_l 02 i_00 l_Load_Msg_rd 
Cb_1021_00i__Load_Msg 

Cb_i02 l_002_Load_Msg_Id 
Cb_102 l_002_Load_Msg 

Cb_l 02 l_003_Load_Msg_Id 
Cb_l 02 1 _0 0 3 _Load_Msg 

Cb_102 l_004_Load_Msg_Id 
Cb_lQ21_0Q4_Load_Msg 

Cb_l 02 2_00 l_boad_Msg_Id 
Cb_l 0 2 2 _0 0 1 _Load_Msg 

Cb_1022_002_Load_Msg_Id 

Cb_1022_002_Load_Msg 

Cb_1023_001~_Load_Msg_Id 
Cb_102 3_00l_Load_Msg 

Cb_l 0 2 3 _0 0 2 _Load_Msg_I d 
Cb_102 3 _002_Load_Msg 


Message . Out_Msg; 

Elec_3ys_Int fc_Def s . £lec_Load_ Msg_Pt rs ; 
Message . Out_Msg; 

Elec_Sys_Int fc_Def s . Elec_Load_Msg_Ptrs ; 
Message . Out _Msg ; 

Elec_Sys_Int f c_Defs . Elec_Load_Msg_Pt rs ; 
Message.Out_Msg; 

Elec_Sys_Intfc_Defs . Elec_Load_Msg_Ptrs; 
Message . Out_Msg; 

Elec_Sys_Intfc_Defs , Elec_Load_Msg_Ptrs; 
Message . Out_Msg; 

Elec _Sys_Intfc_Defs. Elec _Load_Msg_Ptrs; 
Message . Out_Msg ; 

Elec_Sys_Int fc_Def s . Elec_Load_Msg_Ptrs ; 
Message .Out _Msg; 

Elec_Sys__Int fc_ Def s . Elec_Load_Msg_Ptrs; 


Aural _Cue_Msg_Id : Message . Out _Msg ; 

Aural_Cue_Msg : Hyd_Sys_Int fc_Defs . Aural_Cue_Msg_Ptrs ; 


3ys_i_?ress_Msg_Id : Message .Out _Msg; 

Sys_l_Press_Msg : Hyd_Sys_Int fc_Defs . Hyd_Sys_Press_Msg_Ptrs; 

Sys_2_Press_Msg_Id : Message .Out _Msg; 

Sys_2_Press_Msg : Hyd_Sys_Int fc_Defs . Hyd_Sys_Press_Msg_Ptrs ; 
Sys_l_Stacus_Msg_Id : Message . Out _Msg ; 

Sys_l_Status_Msg : Hyd_Sys_Int fc_Def s . Status_Msg_Pt rs ; 

Sys_2_Status_Msg_Id : Message .Out _Msg ; 

Sys_2_Status_Msg : Hyd_Sys_Int fc_Def s . Status_Msg_Ptrs ; 
Hyd_Sys_Indicator_Msg_Id : Message.Out.Msg; 

Hyd_3ys_Indicator_Msg : Hyd_Sys_Int f c_Defs . Hyd_Sys_Indicator_Msg_Pt rs ; 


— Inputs 


Sys_l_Flow_Jtiag_Id : Message . I n_Msg ; 

Sys _1 _F 1 o w_)tig : Hyd_Sys_Int fc_Defs . Flow_Msg_Pt rs ; 


Sys_2_Plow_Msg_Id : Message . I n_Msg; 

Sys_2_Flow_Msg : Hyd_Sys_Int fc_Def s . Plow_Msg_Pt rs ; 


Elec_Pwr_Msg_Id : Message . I n_Msg; 

Elec _P wr _Msg : Elec_Sys_Int fc_Def s . Elec_Power_Msg_Pt rs ; 


5ys_l _Mo tor_Cmd_Msg_Id 
Sys_l _Mo c o r _Cmd_Msg 


Message . I n_Msg ; 

Hyd_Control_Panel_Int fc_Def s , Motor_Cmd_Msg_Ptrs ; 


Sys _2 _Mo to r _Cmd_Msg_Id 
Sys_2_Motor_Cmd_Msg 


: Mes sage . I n_Msg ; 

: Hyd_Cont rol_Panel_Intfc_Defs .Motor_Cmd_Msg_Pt rs ; 


Sys_l _Va 1 ve JC md_Msg_I d 
S ys _1 _Va 1 ve_Cmd _Msg 


Message. In_Msg; 

Hyd_Control_Panel_Int fc_Defs . Val ve_Cmd_Msg_Pt rs ; 


Declaration of the 
partition’s external in- 
putf output messages 


V-71 


OaiulNAL PAGE 18 
Of POOR QUALITY 



rV7 "! i I '' 1 < n n 


2 _v 3 :ve_:^G_Msg_:i : Message. -n_Msg; 

2 _Va 1 ve _ J “d Ms a : Kyd_:or.c ro ar.e 


-err.al Partition Hass :r.s:an:es 


:cumula - = r 
ist_3ys 
r i veJJni - 
Iso __V 1 v 
Press_3ensor 
rump 

Qcy _3ensor 
Reservoir 


: Accumulators ; 

; Disc r i but icn_3ys terns ; 

: Dn veJJr.its ; 

: Isolat ion_Va!ves ; 

. ?ress_Sensors; 

: Quantity_Sensor_Class .Object; 

. Hyd_Reser voi r_Class *Ob}ect ; 



2 e r s . V 3 1 ve _3md _Msg _r t r s ; 


Instances of classes - the 
model's (partition’s) state. 


— Internal Partition Data 


Del t Time 
Elap i_Time 
Hyd_-> /S_Mbox 
part ition_Name 
Pid 

Stabilized 


3eu . Seconds ; 

Seu . Seconds 

Mailbox. Mailboxes; 

constant String • = 
Natural : = 

Boolean : = 


0 . 0 ; 

*Hydraulic_System' ; 
42; 

False; 


Motor_Power 

Mo t o r _Re 1 ay_Po we r 

Iso_Vaive_Power 


Volt _A 
On_Of f _A 
Vo 1 1 _A 


(others => 0.0) ; 
(others => Set. Off); 
(others => 0.0); 


Motor_Cmd : On_Of f _A 

VXv Close _C md : On_Off_A 
Vlv_Open_Cmd : On_Off_A 


- (others => Set. Off); 
s (others => Set. Off); 

- (others => Set. Off); 


Motor_Speed : 

Motor_Status 
Pump_Stat us 


Rpm_A : - (others -> 0.0); 

: On_Of f_A := (others => Sec. Off); 
. on_Of f_A (ochers => Sec. Off); 


Toe ReCurn_Fiow : Gps_A := (ochers = > 0.0); 
Toc_Press_Flow : Gps_A := (ochers = > 0.0); 


Num_Mbox_Empcy_ExcepCions : Natural := 0; 



procedure 

procedure 


Initial i zejDutputs is separate; 
Report^Symbols (Parent_Name : in 


String) 


procedure 

procedure 

procedure 

procedure 

procedure 

procedure 

procedure 

procedure 


Initial ize_Model is separate; 
Process_Mailbox is separate; 
Register_Io is separate; 

Update_Inputs is separate; 

U pda te_5upply ..Components is separate; 
Update_Press_Components is separate; 

Outputs is separate; 
Update_Hydraulic_System is separate; 


is separate; 


Temporary vaiuee used to 
transform dasa values to 
external interface* 



procedure Set_Up; 
procedure Creete_Pata; 
procedure Self_In.it; 
procedure System_Init; 
procedure Run; 
procedure Hold; 
procedure Term; 

package Thread_Exec is 


Partition mode routines. 


Generic_Model . Periodic 

(Name => Parti tion_Name, 

Rate => Generic_Model . PlOhz , 
Execuce_Sec_Up_Model => Sec_Up. 
Execuce_Creace_Daca_Model => Create_Daca. 
Execuce_Self_Inic_Model => Self_Imc, 

ExecuCe_Syscem_I nic_Model =# Syscem_Inic. 


Execuce_Run_Model => Run. 


SVM thread 
instantiation. 
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E xec u c e _Hc I 3 _Mc del = > Ho 1 d , 
Execuce_?e mi r.ace_Mcdel = > Term! ; 


pm tenure le: _V p ; $ separate; 
cr:-:s:ure Create_Oaca is separate; 
pr: :edure Sel f__nic is separate; 
crcceiure ~ ys cem_I m t is separate; 
cr vieiure Run is separate; 
priced ire Hold is separate; 
priced. ire Tern is separate; 


end Hy-draul ic_System_Par t i t ion ; 

Ada Unit 50 Hydraulic_System_Partition.Creata_Data Separate Procedure 

separate { Hydraul ic_5ystem__Parc it ion) 

procedure Create_Data is 

begin 

— For each message, CREATE.MSG is required 

-- Create each many-to-one output message 

Message .Many _TojDne .Cr eat e_Msg (Out_Msg_Id => Cb_1021_001_Load_Msg_Id); 
Message. Many _To J3ne .Create_Msg (Out_Msg_Id => Cb_1021_002_Load__Msg_Id); 
Message .Many _To_One .Create_Msg (0ut_Msg_Id = > Cb_1021_003_Load_Msg_Id) ; 
Message . Many _To_Qne .Great e_Msg (0ut_Msg_Id => Cb_1021_004_Load_Msg_Id); 
Message .Many _To_0ne .Create_Msg (Cut_Msg_Id -> Cb_L022_Q01_Load_Msg_Id) ; 
Message .Many _To_One .Create_Msg (Ouc_Msg_Id -> Cb_1022_002_Load_Msg_Id); 
Message .Many _To_0ne .Create_Msg ( 0ut_Msg_Id => Cb_1023_001_Load_Msg_td) ; 
Message . Many_To_Cne .Create_Msg (0ut_Msg_Id -> Cb_1023_002_Load_Msg_Id) ; 
__ Create each one-to-many output message 

Message , One _To_Many. Great e_Msg (0ut_Msg_Id => Aural_Cue_Msg_Id) ; 

Message . 0ne_To_Many . Create_Msg (0ut_Msg_Id => Sys_l_Press_Msg_Id) ; 
Message . 0ne_To_Many . Create_Msg ( Out _Msg_Id => Sys_2_Press_Msg_Id) , 
Message .One _To_Many.Create_Msg (0ut_Msg_Xd = > Sys_l_Status_Msg_Id) ; 
Message . One__To_Many . Create_Msg (0ut_Msg_Id => Sys_2_Status_Msg_Id); 
Message .One JTo_Many.Create_Msg (Out_Msg_Id => Hyd_Sys_Indicator_Msg_^d) , 
-- Initialize first output messages sent to other partitions 
Initial! ze_Outputs ; 

-- Create each Bany_to_one input message 

Message .Hany — To_One .Create _Msg (In_Msg_Id => Sys_l_Flow_Msg_Id) ; 

Message. Many JTojOne.Create_Msg (In_Msg_Id => Sys_2_Flow_Msg_Id) ; 

— Create each one-to-many input message 

Message .One_To_Many.Create_Msg (In_Msg_Id => Elec_Pwr_Msg_Id) ; 

Message. One_To_Many.Create_Msg (In_Msg_Id => Sys_l _Motor_Cmd_Msg_Id) ; 
Message .One _To_Many. Great e_Msg (In_Msg_Id => Sys_2_Mo to r _Cmd_Msg_Id) ; 
Message. One_To_Many.Create_Msg ( In_Msg_Id => Sys_l_Val ve_Cmd_Msg_Id) ; 
Message . One_To_Many . Great e_Msg (In_Msg_Id => Sys_2 _Val ve_Cmd_Msg_Id) ; 
end Create_Data; 

--i Abstract: This procedure is an SVM mode routine chat creates the 
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System 


ir.puc and au:p ut messages 
and Tails initia 


cr.e Hydraulic 
ze_Cutput s . 


Warnings : 


None . 


Ada Unit 51 Hydraulic J 5 ystem_Partition.Hold Separate Procedure 


procedure Hold is 
beg i n 


_ _ Hold, suspend normal processing. 

— . Ccher special actions (ie Step_Ahead) 


would be performed here. 


null; 


end Hold; 


— [ 
-- I 
-- 1 


Abst rac 


This procedure is an SVM mode routine chat is 
periodically called while the simulation in 'hold 

mode . 


Warnings: None. 


Ada Unit 52 Hydraullc_System _Partltion.lnttialize_Model Separate Procedure 

separate (Hydraul ic_Syscem_Part it ion) 
procedure Ini t ial i ze_Model is 


begin 

Initialize partition data and all 

-- is in an initial conditions state. 
— this example. 


objects such that the partition 
The details are left out in 


null ; 

end Initial ize_Model; 


Abs 


— I 

— I 

— I 
-- | 
-- 1 
— I 


-ace- This procedure initializes the Hydraulic System 

including all of its components and partition data. 
This procedure is called by Set_Up and also by 
Self.lnit during a full initializacion (Full.IC = 
True) . 


Warnings: None. 



Ada Unit 53 Hydmutlc_System J>artition.lnltJallze_OiJtputs Separata Procedure 

separate (Hydr«ulic_Syscem_Partition) 
procedure Initialize_Outputs is 


begin 

- This routihe secs the output messages to a default value during 

— initializations 


Cb_102 l_001_Load„Msg .Cb 
Cb_1021J)02_Load_Msg.Cb 

Cb_l 02 1 _Q 0 3 _Load_Msg . Cb 
Cb_l 021_Q0 4 _Load_Msg .Cb 
Cb_1022 J301_Load_Msg .Cb 
Cb_1022_002_Load_Msg .Cb 
Cb J. 0 2 3 J) 0 1 _Load_Msg .Cb 

CbJ.02 3_002_Load_Msg.Cb 


Elec_Sys_Intfc_Defs.CbJ021_001 ; 

Elec_Sys Jntfc_Defs .CbJ021_002 ; 
Elec_Sys_I nt fc_Defs .Cb_1021_003 ; 

Elec_Sys_Intfc_Defs . Cb_. 21_0Q4; 
Elec_Sys Jnt £c_Defs .Cb. 22 _001; 
Elec_Sys _Intfc_Defs.Cb_- ;22_002 ; 
Elec_Sys Jntfc_Defs .Cb _1023_001 ; 
Elec_Sys Jnt fc_Def s . Cb J023_002 ; 


CbJ021_001 J*oad_Msg .Load := 0.0; 
Cb _1021_002_Load_Msg .Load := 0.0; 
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7b_::2 l_:C3_Load_Msg. Load := 0.0; 
7b_l 02 1_C 04_Load_Msg . Load := 0.0; 
:c_l 22 2 _0 C 1 _Leaa _Msg . Load : = 3.0; 

:22_:02_Lcad_Msg . lead := 0.0; 
Cb_l 02 3_301_LoaG_Msg . Lead : - 0.0; 

■3 b_l C 2 J _ ? 0 2 _Load_M sg . Load : = 3.0; 

Au r 3 1 _ 3 -e _Ms g . ~vnp_No ise_3ys_l : x 
A-r 3 l _~-e_Msg . -rnp_No i se_3ys_2 : = 
A-ral _3ue_Msg .Mct3r_NoLse_3ys_l : = 
Aural _:ue_Msq . Me tor_Nc L se_5ys_2 : = 

5ys _I _P res s _Msg . Press := 0.0; 
Sys_2_?ress_Msg . Press : = 0.0; 


Sec .OtZ ; 
Sec .Off ; 
Sec .Off; 
Sec .Of f ; 


3ys_l _5cacus_Msg . Mocor_Scacus 
Sys_L_Scacus_Msg . Pump_3catus 

Sys_l_3cacus_Msg . Val ve_Sensed_Not_FulI_Open 

Sys_l_5Cacus_Msg . Val ve_Sensed_NoC_Full_CIosed 

Sys_2_Scacus_Msg . Mo tor _S tat us 
Sys_2_Status_Msg . Pump_Status 

3ys_2 _Status_Msg . Val ve_Sensed_Not_Ful l_Open 
Sys_2_Status_Msg . Val ve_Sensed_Not_Full_Open 

Hyd_Sys_Xndicaco r_Msg . Sys_l_Press_Indicated : 
Hyd_Sys_Indicator_Msg . Sys_2_Press_Indicated : 
Hyd_Sys_Indicator_Msg . Sys _Qty_Indicated : 


= Set-Off; 
x Set .Off; 
s True; 

= False; 

= Set. Off; 
= Set-Off; 
= True; 
x True; 


0 . 0 ; 

0 . 0 ; 

0 . 0 ; 


Message . Many_To_One . Put 
Message . Many_To_One . Put 
Message . Many_To_One . Put 
Message . Many_To_One . Put 
Message . Many_To_One . Put 
Message . Many_To_One . Put 
Message . Many_To_One . Put 
Message . Many_Tc_One . Put 
Message . One_To_Many . Put 
Message . Qne_To_Many . Put 
Message . One_Tc_Many . Put 
Message .One_To_Many . Put 
Message. One _To_Many . Put 
Message . One_To_Many . Put 


(Out_Msg_Id 
{ Out_Msg_Id 
{Out_Msg_Id 
(Out _Msg_Id 
{Out_Msg_Id 
(Ouc_Msg_Id 
(Out_Msg_Id 
(Out_Msg_Xd 
(Out_Msg_Id 
(Out_Msg_Id 
(Out_Msg_Id 
(Out_Msg_Id 
(Ouc_Msg_Id 
(Out_Msg_Xd 


-> Cb_1021_001_Load_Msg_Id) ; 
=> Cb_102 l_002_Load_Msg_Id) ; 
-> Cb_lQ 21 _003_L.oad_Msg_Id) ; 
-> Cb_102 l_004_Load_Msg_Id) ; 
-> Cb_1022_Q01_Load_Msg_Id) ; 
=> Cb_1022_002_Load_Msg_Id) ; 
-> Cb_IG23_001_Load_Msg_Id) ; 
-> Cb_l023_0G2_Load_Msg_rd) ; 
—> Aural_Cue__Msg_Id) ; 

=> Sys_l_Press_Msg_Id) ; 

= > Sys_2 _Press_Msg_Id) ; 

= > Sys__l_Status_Msg_Id) ; 

= > Sys_2_Status_Msg_Id) ; 

= > Hyd_Sys_Indicator_Msg_Id) ; 


end Initialize_Oucpucs ; 


— I Abstract: This procedure initializes all Hydraulic System 

Partition output messages and sends them out once. 

— i Warnings: None . 



send output 
messages 


Ada Unit 54 Hydreullc_Sy«tem_Partition.Proceee_Mailbox Separate Procedure 

with Mail_Msg_Types ; 
with Enter_Mai lbox; 
with Mai f unction_Mailbox; 
with 3afescore_Mailbox; 

separate ( Hydraul ic_System_Part ition) 

procedure Process_Mailbox is 

-- The following are renames from the Hydraulic_System_Partition body: 

-- package Set renames Std_Eng_Types ; 

— package Seu renames Std_Eng_Uni ts ; 

-- package Oct renames Orvc_Cominon_Types ; 
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Hyd_3ys_3is re "a rr.es Kyurau*. ~c _Sysiem__€ 


pa ::<age Inter 

ca : <age Mai function 


rer.aT.es I me r_Ma.Icox; 

re na res Ma 1 f unc - - o r._Ma : - bo x ; 


I 

I 

I 


Tr.e : r 1 1 r wi ng prc-vlies v i s a b 1 1 1 1 y re “ r.e Dis Tern* *3 equality operator: 

function # =* ye : : , Right : Dis.7erm_Id; return 3oolean renames Dis.'=*; 
„ 7 ;-e folic wing provides visabiiicy to the Dis Mam IC equality operator: 

function *=■ ;Left, Right : Ois . Mai f unc t ion_Id] return Boolean 

renames 013.*="; 

Msg_?ype : Mai Ibox . Msg_Types ; 

Enter_Msg : Enter . Enter _Msg; 

MaIf_Msg : Mai function_Mailbox.Mal function_Msg; 

Datastore_Msg : Mega _Ma i 1 box . Mega_Msg ; 

Enter_Id : Dis.Term_Id; 

Malc_Id : Dis . Mai f unc c ion_Id ; 

Apply : Boolean; 

Invalid_Msg_Id : exception; 

Invalid_Enter_Term : exception; 

Invalid_Mal function : exception; 

function Sys_Id is new Mai f unc tion_Mailbox. Selector (Oct . Sys_l_Sys_2 } ; 
begin 

for I in 1 .. Mailbox. Num_Mail_Msgs (Mailbox_Id '=> Hyd_Sys_Mbox) loop 
Get the type of the next message 

Msg -Type := Mail box. Get_Next _Msg_Type (Hyd_$ys_Mbox) ; 

Process the mailbox message 
case Msg_Type is 

when Mail box . Enter => 

Process the IOS Enter message 

Mailbox . Get_Enter_Msg ( Enter_MSg => Enter_Msg, 

My _Ma i 1 bo x_j d => Hyd 3ys_Mbox) ? 

Entered : = Enter. Id (Msg => Enter_Msg) ; 

if Enter_Id = Hyd_Sys_Dis . Fluid_Level then 

Request reservoir quantity change. Pass in new quantity 



Hyd_Reservoi r jClass . Reques t_S tat e_Change 
(Instance => Reservoir, 

Command => Hyd_Reservoir_Class . Set_Qty , 

Quantity => Seu. Gallons (Enter . Value _R6 (Msg => Enter_Msg) ) } ; 

•laif Entered = Kyd_Sys_Dis . Flow_Pump_l then 

Request pump 1 flow rate change. Pass in new rate. 

Hydraul i c _Pump_C lass. Reques t _3 1 a t e _C ha nge 
(Instance => Pump (Oct.Sys_l), 

Command => Hydraul ic_Pump_Class .Modi fy_Flow_Rate, 

Apply => True, 

Bias => Seu, Non_Dimensional 

( Enter . Value_R6 (Msg => Enter_Msg) 

elsif Enter_Id - Hyd_Sys_Dis . Flow_Pump_2 then 

Request pump 2 flow rate change. Pass in new rate. 

Hyd r a ul ic _P ump_C 1 as s . Reques t _S t a c e_Cha nge 
(Instance => Pump (Gct.Sys_2), 

Command = > Hydraulic_Pump_Class . Modify_Flow_Rate 

Apply => True, 

Bias => Seu . Non_Dimensional 

( Enter .Value _R6 (Msg => Enter_Msg) ) 


call object to affect 
change. 
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else 




i 


no ocher enter values are expected 
raise I rival i d_Encer_Term; 
end l f ; 

when Mai Ibex .Mal function => 

Process che malfunction message 

Mai Ibex. 3et_Maifunccion_Msg [Mal funccion_Msg -> Mal f _Msg , 

My_Mailbox_Id => Hyd_3ys_Mbc x! ; 

Gee the DI3 malfunction identifier 

MaiC_Id := Mai function. Id {Msg => Malf_Msg); 

Get the stace of the malfunction (Cn or Off) and convert 
to a boolean co pass to Request _St a ce_Change procedures. 

Apply : = Mal function. State {Msg => Malf_Msg) = Set. On; 

if Ma 1 f _Id = Hyd_Sys_Dis . Pump _No_F low then 

Process the hydraulic pump malfunction. Pass in which 
pump ( # 1 or #2 ) . 

Hydraul ic_Purnp_Class. Request _State_Change 

(Instance => Pump (Sys_Id {Msg => Malf_Msg)), 

Command => Hydraulic_Pump_Class . Pump_Fail , 

Apply => Apply ) ; 

els if Mai f _Id = Hyd_Sys_Dis . Press_Comp_Fai 1 then 

Process the pressure compensator malfunction. Pass in which 
compensator (#1 or #2). 

Hydraul ic_Punrp_Class . Request_State_Change 

(Instance => Pump (Sys_Id [Msg => Maif_Msg)), 

Command => Hydraul ic_Pump_C lass . Compensate r_Fai 1 , 

Apply => Apply, 

Bias => 0.0, 

Scale -> 1.0); 

elslf Mai f_Id = Hyd_Sys_Dis . Iso_Val ve_Freeze then 

Request the valve to freeze. Pass in which 
valve (#1 or #2). 

Valve _Class .Request _St a ce_Change 

(Instance - > Iso_Vlv (Sys_Id (Msg -> Malf_Msg)), 

Command => Val ve_C lass . Free ze_Valve, 

Apply => Apply) ; 

els if Mal f _Id = Hyd_Sys_Dis . Pressure_Sensor_Fai 1 then 

Request the pressure sensor co read incorrectly. Pass 
in which sensor (#1 or #2) , the error factor (scale) and 
the offset (bias) . 

Pressure_Sensor_Class . Request _State_Change 

(Instance => Press_Sensor (Sys_Id {Msg => Malf_Msg) ) , 
Command => Pressure__Sensor_Class . Sensor_Incorrect , 

Apply => Apply, 

Scale => Seu .Non-Dimensional 

(Mal function. Scale (Msg => Mal f _Msg ) } , 

Bias => Seu.Psi ( Mal function. Bias (Msg => Malf_Msg')) 

elsif Mal f_Id = Hyd_Sys_Dis .Mocor_Zero_Rpm then 

Process the motor fail malfunction. Pass in which motor 
(#1 or #2) . 

Dri ve_Unit_CIass . Request_State ^Change 

(Instance => DriveJJnit [Sys_Id (Msg => Mal f_Msg) ) , 

■ Command => Dri ve_Uni t_Class .Motor_Fail , 

14 Apply => Apply) ; 

elsif Mal f _Id = Hyd_Sys_Dis . Dist_Sys_Leak then 
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. . 7 ass 

u ^ r - 5 bu- i or. 3 Y*-*~ - ea * : a *; ; r : : e ’ l*a< 
?r ' C ^ S !/'‘; e s rr.'oucior. syscerr. ^ ~ ir . as cne 

:r. whi-r ■-- s - ^ lea< - 3 - e - s - 

race. Nctice-ha- 

mal function °- as * e "-.ar.ge 

— r 

Ir.scar.-e -> - lfcuC ion_3ysce*_--ass . -= - 

Cc truss rd "> , 

^ P a’< Y Ra-e = > Seu .gallons ? er s «° Malfjfeg))): 

Lea<^a-e (Malfunction. 3 . as ,*sg 

6136 Dcion no ocher malfunctions are expected, 

raise exception. 

raise invalid-** 1 funct ion; 
e nd i £ • 

Dariin To Darastore => 

. va i 1 ■“ 

‘ * 8 che return to datastore message 

Process natascore_Msg/ 

teilb ox.aeC_Mega_Msg(Mega_MS9^ x _ id => Hyd _ Sys Jfbox) ; 

■ da ta from the mailbox and populate the model- 
£ left out in this example- 

^ ° CherS => . n no other message types are expected, 

raise exception, 
raise Inval id_Msg_^; 
end case; 
end loop; 
ept Lon 

when Mailbox- Mailbox.Empty -> 1 )box _Bn*ty_Pxcei*ioM ♦ 1 » 

Num _ Mb ox_Em P ty.Exceptioh 8 - - 

when others => oC her exceptions 

„»U, - allow propagation 

id Process _Mai.lk° x; 


rocessj^ 1 * 



™ Si... «— «-• ™* 

105 *“*: ^TiSUS .» -i“»* *— *»— 

partitio leak race is 

w-ing.: *. X'S ^ ^ ^ ^ 

malfunction message. 

■ ns are propagated beyond the 
-The following except! 

St. o< au 

Xnvalid_Msg_I<i 
Inval id_Enter_Term 

T n valid_Malfunction 


-h Orvc_Defs; 

P arate (Hydraulic_System_Partition 

ocedure Register_Io is Ele c_Sys_Int£c_De£s; 

package »^^ntf=_Pefs: 

package Cntri_r™._ ^ 
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Output messages 


segin 

-- ?.e;:s:er ?ar:.::or. Mailcox 

Ma il sex. Regis ter _Mail£cx ; »/_?a rt i c ion.Pre f i x => Orvc.Sefs .Hydrauli 

My_Mailtox_Id => Hyc_3ys_Mbox) ; 

P.eigster "he messages sene from the Hydraulic System to 

^rher car* Ltions [ output messages, . 


Message . Many_To_3ne 
'Out_Msg_Id 
?arcition_?refix 
Msg_Ois_Id 
Msg_Ptr_Addr 


. Reg 1 s t er_Tc _Send _Ms g 

= > Cb_i02 l_QGl_L.cad_Msg_Id, 

-> OrvcJOers . Elec trical_System, 

- > Elec_Sys_If . £lec_Load_Msg_Id, 
= > Cb_l021_001_Load_Msg' Address) ; 


Message . Many_To_One . Register_To_Send_Msg 

( Out _Msg_Id => C b_l 0 2 1 _0 0 2 _Lo ad_Msg_i d , 

Pg j. ^ ion^Pre f i x — > Orvc Oefs » Electrical — System, 

Msg_Dis_Id => Elec_Sys_I f . Elec_Load_Msg_Id , 

Msg_Ptr_Addr => Cb_l 02 l_002_Load_Msg ' Address) ; 


Message .Many__To_One .Regi 
(Out_Msg_Id 
Part it ion_Pref ix 
Msg_Dis_Id 
Msg_Ptr_Addr 


s t e r _To _Se nd_Msg 
_> Cb_1021_0Q3_Load_Msg_Id, 

=> Orvc_De£s . Elec t r ical _System, 

=> Elec_Sys_If .Elec_Load_Msg_Id, 

= > Cb_1021 _003_LoadJ4sg' Address) ; 


Mes sage. Many_To_One .Regi 
{Out_Msg_Xd 
Part ition_Pre fix 
Msg_Ois_Id 
Msg_Ptr_Addr 


ster_To_Send_Msg 

=> Cb_l 02 1 _0C4_Load_Msg_Xd, 

=> Orvc_Def s . Elec trical_3ys tern, 

-> Elec_Sys_I f . Elec_Load_Msg_Id, 
=> Cb_1021_004_Load_Msg' Address) ; 


Message . Many_To_One . Regi 
{Out_Msg_Id 
Partition_Pref ix 
Msg_JDis_Id 
Msg_Ptr_Addr 


ster JTo_Send_Msg 
r > Cb_1022_001_Load_Msg_Id, 

=> Orvc_Defs . Elec trical_System, 

-> Elec_Sys_If . Elec_Load_Msg_Id, 
=> Cb_l 02 2_001_Load_Msg' Address) ; 


Message .Many _To_Or.e .Regi ster_To_Send_Msg 

( cut _Msg _I d = > Cb J. 0 2 2 _0 0 2 _Lo ad_Msg_Id , 

Part i tion_Pref ix => Orvc.Defs . Elec tr ical _System, 

Msg_Dis_Id => Elec_Sys_If . Elec_Load_Msg_Id, 

Msg_Ptr_Addr => Cb_1022 _0 02 _LoadJfeg ' Address) ; 


Message . Many_To_pne .Reg 
(Out_Msg_Id 
Part it ion_Pref ix 
Msg_Dis_Id 
Msg_Pt r_Addr 


ister_To_Send_Msg 
=> Cb_1023_00l_Load_Msg_Id, 

=> Orvc_Defs . Electrical_System, 

=> Elec_Sys_If . Elec_Load_Msg_Id, 
=> Cb_1023_001_Load_Msg' Address) ; 


Message .Many_To_One 
(Out_Msg_Id 
Parcicion_Prefix 
Msg_0i»_Id 
Msg_Ptr_^ddr 


Register_To_Send_Msg 

=> Cb_l 0 2 3 _0 0 2 _Load_Msg_Id , 

=> Orvc_Defs . Elec tricai_System, 

=> Elec_Sys_I f . Elec_Load_Msg_Id, 
-> Cb_l023_002_Load_Msg' Address) ; 


Message . On^JTo Jfany . Regi 
( Out _Msg_Id 
Parcition_Pref ix 
Msg_Dis_Id 
Msg_ 3 it_ 3 ize 
Execut ion_Race 
Msg_Ptr_Addr 


ster_To_Send_Msg 
= > Aural_Cue_Msg_Id , 

-> Orvc_Def s . Aural _Cue r 
= > Hyd_Sys_I f .Aural _Cue_Msg_Id, 

=> Hyd_Sys_If .Aural _Cue_Msg_Size, 
=> Thread_Exec . Race_Of_Execution, 
=> Aura l_Cue_Msg' Address) ; 


Message . One_To_Many . Reg 
(Out _Msg_Id 
Parti tion_Prefix 
Msg_Dis_Id 
Msg_Bi t _S i ze 
Execut ion_Rate 
Msg_Ptr_Addr 


i s t e r _To _S e nd_Msg 
=> Sys_l_Press_Msg_Id, 

=> Orvc_Defs .Hydraulic_Systems, 

=> Hyd_Sys_I f . Sys_l_Press_Msg_Id, 

-> Hyd_Sys_I f . Hyd_Sys_Press_Msg_Si ze , 
=> Thread_Exec . Rate_Of ^Execution, 

=> Sys_l_Press_Msg' Address); 


_3ystem. 
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:ne-To_Many .Regisce 


t tuc_Msg-Id 

Partition-Prefix 

Ms g 

Msg_Bi-_ 3 * ze 

Execuc i or.— Raze 

Msg-?zr-Addr 

Message. One Jo - Ma ny 

: Cuc_Msg_Id 

Pa r - i tion_Pre£ z x 

Msg_0is-Id 
Msg_3iC-3i ze 

Execuc ion 

Msg_?tr_Addr 


_ 2 Fress_.Msg_-o. 

r> ^ y - 0 - Systems, 

= > c r ^ C Z - 1- 3ys 2 " : ress _Msg _:’i . 
ayd_»y* ; • l'.r 3 y 9 j?re>sjte3_3 - 2 

= > *' ya ~*'i ace of Execution, 

= > Thread_=-xet- . - 

I> 3ys.2.?ress_Ms3' Adaress, ; 

. s t e r _To _5e nd _Msg 

-> Svs_l Status _Ms9-* vi * 

= > Orvc.Defs. Hydraulic .System^ ^ 

3> 5S'SS'5‘:5t«ioifl!sr*e:" 

:> Thread.ixec .Rate.Of Execution, 

= > Sys j. _Scat us -Msg' Address) , 




(Ouc_Msg-Id 

Partition-Prefix 

Msg_Dis_Id 

Msg-Bit-3ize 

Execution-Rare 

Msg_Pr r-Addr 


_ > sy S _2_Status_Msg_Id, 

' = > orvc.De£s. Hydraulic .System 

:> Hyd sys _lf.sys_2 -Status Msg.Id, 

'-> Hyd _ Sys_ l£ ■ Status —Msg.Size , 

:> Thread _Exec .Rate.Of .Execution, 
=> Sys_2_Scacus_Msg' Adaress), 


Message . One.To .Many .Register To -Send _Msg 


(Out_Msg_I3 

part icion_Pref ix 

Msg_Dis_Id 

Msg-Bit_Size 

Execuc ion_R ate 

Msg_Pzr_Addr 


seer T , 

-t Hyd Sys-Indicator-Msg-Id, 

Ztilli t : /ydlsys-lndicator Msg-Srze, 

I> Thread-Exec. Rate-Of-Executio , 

_> Hyd-Sys-Indicator-Msg Addre ), 


MS9_PCr sages sent to the Hydraulic System from 

Da ^- rer the messages sent. 

other partitions (input messages). 

_ 


Input messages 


Message.Many-To-One.Register To-Recv-Jjg 


(In_Msg_Id 

Partition -Prefix 

Msg-Dis_td 
Msg_ Bi t— Si ze 

Queue _3ize 
Msg_Pt r__Addr 


-> Svs l Flow_Msg-Id, 

:> orve 5efs. Hydraulic-System 
:> Hyd iys-If.SyS-l-FloW-Mad-Id. 
-> Kyd-Sys-If .Flow-Msg_Size, 

= > Receive -Queue-Size, 

_> gys— i —Flow. Msg 1 Address) 


Message .Many-To-One .Register-ToRecv^g 


(In_Msg_Xd 

Parti tion-P ref i x 

Msg_Dis_Xd 

Msg— 3 1 t — Size 

Queue _S i 2e 

Msg-Ptr_Addr 
Message. On«-To_Many.R« 

(In_Mag_Id 
Partitio^J Prefix 

MsgJ)i*-J d 

ExecutiooJtete 

Msg_Ptr_Addr 

Message . One J To— Many • R 
( In-Msg— Id 

Parc icion_Pref ix 
Msg-Dis_Id 

Execuc ion-Race 

Msg-Pcr-Addr 
Message -One -To -Many • 

{In_Msg_Id 

Parcicion_Pref ix 

Msg-OiS— Id 
Execuc ion_ Race 

Msg_Ptr-Addr 

Message . One JTo -Many 
(In-Msg-Id 


-■> Svs 2 Flow_Msg_X d , 

:> orv; 5e£s. Hydraulic-System 
"-> Hyd Sys_I £ ■ Sys_2-Flow-Msg_ Id, 

=> Hyd-Sys-l£ .Flow_Msg_Size, 

-> Receive -Queue-Size, 

=> sys-i-PloW-Msg' Address) ; 

Register.To_Recv.Msg 

!> OrvclDeE^iectrical-System, 

-> Elec -Sys-X£. Elec -Power.Msg-I , 

I> Receive.Hertz.Rate, 

=> Elec _Pwr .Msg' Address) ; 

■ Reaister_To.Recv.Msg 

Receive HertZ-Rate, 

= = > 5ys-l-Motor.cmd .Msg' Address) ; 


Register-To.Recv.Msg 

-> Sys 2 Mocor_Cmd_Msg-Xd , , 

a> Orvc-Befs.Hydraulic Contto^P^^ 

-> Cr.trl.Pnl-I £ . Sys_2_Motor_uma_ 

* Receive.Hertz.Rate, 

J sys. 2 .Motor. Cmd. Msg ' Address) , 

■ Reaister_To.Recv.Msg 
' R sys_l_Valve-Cmd-Msg_Id, 
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Par:::.on_?re: i x 
Msg_ 0 :s_ld 
I xec u t i o n_Ra c e 
Msg_?tr_Addr 


- > Zxvc _Ee f s . Hydraul :c_Cor.t re - 1 _?ar.eL , 

= > Cntrl_?nI_I f . S y s _ 1 _Va 1 ve me _Ms g _ : d , 
=> Recei ve_Hert z_Rate , 

= > Sys_lJ/aive_:xd_Msg' Address: ; 


Message . Cr.e_To_Mar.y . 
ir.J'sg.Id 
Far:;:;or.Jre:ix 
Msg_ 3 :s_Id 
E xe lot. _Ra t e 
Msg_?t r_Addr 


Reg: seer _Tc_Rec v_Ms g 

= > Sys_2_VaI ve_Cmd_Msg_Id, 

=> Orvc_Te:s . Hydra ui ic _Control_?anel , 

= > Cncrl _Pnl _: f . 3ys_2 _Va 1 ve_:mc_Msg_: d , 
=> Receive_Hertz_Rate, 

-> Sys_2 _Vaive_Cmd_Msg 'Address'; 


end Register_Io; 


Abstract: This procedure registers the input and output messages 
of the Hydraulic Syscem Partition. 

Warnings: None. 


Ada Unit 56 Hydraulic_Sy«tem_Partitlon.Raport_Symbol« Separata Procedure 

with Symbols; 

separate (Hydraul lc_System_Part ition) 

procedure Reporc_Syrnbols (Parent_Name : in String) is 
begin 

-- register all complex variables needed by IOS that were created in this partition 
null — this partition has only simple variables 
end Report_Symbois ; 


V 

y 

— ! 

Abstract : 

This procedure reports the motor speed and motor status 



-- ? 


(as defined in the Hydraulic System Partition body) to 



— 1 


the symbol map. 



— ! 

Warnings : 

No ne . 


Ada Unit 57 HydrauUc_Sy«tem_Partition.Run Separate Procedure 

separate ( Hydraul ic_System_Part ition) 

procedure Run is 
begin 

-- This routine provides normal partition updates. 

Delta_Time := Thread_Exec . Delta_Time; 

Update_Hydraulic_System; 
end Run; 


__ | Abstract; This procedure is an SVM mode routine that performs one 
__l iteration of the Hydraulic System Partition. This mode 

__ j routine is periodically called while the simulation is 

— I „ in 'run' mode. 

--{ Warnings: None. 


Ada Unit 58 Hydraulic_Sy*tem_Partltion.SeHJnit Separata Procedure 

separate { Hydraul ic_Syscem_Part it ion) 

procedure Self_Init is 

begin 
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readme* A_r 
: - -_a'_ _ze_Mcdel ; 


: : __s 


J*equlreu 


er.d i - '' 

FroceSS^Mailt-ox; 

rni^Uli^e^ucpucs; 

Stabilized Fa.se; 

Elapsed JTime - 0 . 0 ; 

, „ _ oeadv To Transition; 
Thread_e.xec . Keaay- — 

end Self-* nit ; 


Abstract : 


I 

- - ! 

-- I 

— S 

— I 

— 1 
-- \ 

--! 

-~\ 

— I 
-- i 

— \ 

— I 

j Warnings: None 


«™~mde routine that readies the 

This for system intialization. 

Hydraulic Syste. - 

If the input le^ t^ initialize the partition 

aatUnd'alf ot A* co^nents . 


uawo. * — 

; _ ,-r CO False to allow 

S.r£Sff-SS S 5 . 

u is ready to transition. 

initialization, no iterating! 
NOTE : This is a one pass initial iza 


A<ta Uni. 99 H,dr»Uc_S,«-n_P«1.«on.S-_ U p ®*P— P "~ dU " 

Aoaun 1 Svste m Partition) 

separate (Hydraulic JSystenu 

procedure Set_Up is 


begin 
Crea 
for : 


ances of classes, 
n Oct - Sys_l_3ys_2 loop 


A . : .r,ulator_Class : Cre tdr (index), & 

(Instance -» ic ion_Name k '.accumulator 

Parent _Name => P ^ t ._ Sys _l_Sys_2'Image (index) 

ssisu It- 

Min_0a._vol •* 1-J- 

Ma*_Oa._Vol =>2-°' 

Min^luid_Vol => 2 . 0 . 

MWCjluid.Vol => 3 - 5 ). 

Distribution_System Class ^Create^^ _ 

(Instance => DLS — Y M r. ».dist_sys( & 

ParenC_Name => Pa £^gys^_ S ys_2 ' Image (Index) 4 *>'• 

Press — Const => 0.151; 

Drive_Unit_Class. Create Drive _ Un j. t (index). . . , 

! C e a nt"ame => * *>*• 

;earbox_Max_Torque => 250.0), (Index). . 

>«SS- *.. . 

Pressure_Sensor_Class^Create^^^ (Index) , 

(Instance -> rl “ 




•) ') 
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Parent_Name => Part it ion_Name & " . press_sensor (" & 

Oct .Sys_l_Sys_2' Image (Index) & ") ", 

Nominal_Load => 0.67); 

Hydraulic_Pump_Class .Create 

(Instance => Pump (Index), 

Parent_Name => Part it ion_Name & ".pump{" 6 

Oct . Sys_l_Sys_2 ' Image (Index) & ") ") ; 

end loop; 

Quantity_Sensor_Class .Create (Instance => Qty_Sensor, 

Parent_Name => Part it ion_Name & " . qty_sensor" r 
Nominal_Load => 0.5); 

Hyd_Reservoir_Class .Create (Instance «> Reservoir, 

Parent_Name => Part i t ion_Name fi ".reservoir", 

Init_Qty => 5.25); 

-- Initialize partition data and all objects. 

In it ialize_Model; 

— Report Partition level symbols 
Report_Symbols (Parent_Name => Part it ion_Name) ; 

— Link variables to the DIS for reporting to IOS. 

— Connect simple variables created locally by their address. 

Dis .Connect_Term (Term -> Hydraul ic_System_Def s .Motor_l_On_Of f , 

Address -> Motor_Speed (Oct . Sys_l) ) ; 

Dis .Connect_Term (Term => Hydraulic_System_Def s .Motor_2_On_Of f , 

Address »> Motor_Speed (Oct . Sys_2) ) ; 

Dis .Connect_Term (Term Hydraul ic_System_Defs . Motor_l_Rpm, 

Address => Motor_Status (Oct . Sys_l ) ) ; 

Dis .Connect_Term (Term *=> Hydraul ic_$ystem_Def s .Motor_2_Rpm, 

Address => Motor_Status (Oct . Sys_2 ) ) ; 

— Connect complex variables by their registered symbol name. 

Dis .Connect_Term (Term -> Hydraul ic_System_Def s . Fluid_Level, 

Symbol -> "Hydraulic_System . reservoir .quant ity") ; 

Dis .Connect_Term 

(Term -> Hydraulic_System_J)efs .Pressure_Sys_l, 

Symbol ~> "Hydraulic_System.dist_sys (sys_l) . system_pressure") ; 

Dis . Connect_Term 

(Term = > Hydraulic_System_Defs .Pressure_Sys_2, 

Symbol => "Hydraulic_System. dist_sys ( sys_2) . system_pressure") ; 

Dis.ConnectJTerm (Term => Hydraul ic_System_Defs.Flow_Pump_l, 

Symbol -> "Hydraulic_System .pump (sys_l) . f low_out") ; 

Dis .Connect_Term (Term -> Hydraul ic_System_Def s .Flow_Pump_2, 

Symbol «> "Hydraul ic_System .pump (sys_2) . f low_out") ; 

Dis .Connect_Term 

(Term *> Hydraulic_Syst em_Def s . Iso_Valve_Sys_l , 

Symbol »> "Hydraulic_System . iso_valve (sys_l) .posit ion") ; 

Dis .Connect_Term 

(Term *> Hydraulic_System_Def s . Iso_Val ve_Sys_2 , 

Symbol *> "Hydraul ic_System . iso_valve (sys_2) .posit ion") ; 

-- Register input/output messages 

Register_Io; 

— Notify Thread_Exec that have completed setup 
Thread_Exec .ReadyJToJTransit ion; 

end Set_Up; 


— I Abstract: This is an SVM mode procedure that calls the 'create' 
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procedure for every instance of a class and 'connects' 
the specified class attributes to the corresponding DIS 
terms. After all objects are created, Initialize_Model 
is called to intialize objects and partition data. 
Register_Io is called to register the input and output 
messages of the Hydraulic Partition. Upon completion, 
this procedure notifies the executive that the model 
is ready to transition. 

Warnings: None. 


Ada Unit 60 Hydraullc_System_Partltion. System Jnlt Separate Procedure 

separate {Hydrau 1 ic_System_Part it ion) 

procedure System_Init is 

begin 

— This routine is called after Self_Init is complete. 

— Partition is updated until stable, then reports in. 

Delta_Time : * Thread_Exec .Delta_Time; 
if not Stabilized then 

Update Hydraulic System for 5 seconds to allow components to 
stabilize at new conditions before reporting ready to transition. 

if Elapsed_Time < 5.0 then 

Update_Hydraulic_System; 

Elapsed_Time Elapsed_Time + DeltajTime; 
else 

When stable, set flag and report in to executive. 

Stabilized := True; 

Thread_Exec.Ready_To_Transit ion; 
end if; 
else 

Once stablized, continue normal updates 
Update_Hydraul ic_System; 
end if; 

end System_Init; 


--1 Abstract: This is an SVM mode procedure that perform the 
--} Hydraulic System Partition system initialization by 

--j repeatedly cycling the model to stabilize it. 


Warnings : 


None . 


Ada Unit 61 Hydraullc_System_Partltlon.Term Separate Procedure 

separate (Hydrau 1 ic_System_Partit ion) 

procedure Term is 
begin 

— Actions required to terminate processes would be performed here. This 

— could include deallocating devices and closing files. 

null; 
end Term; 

— | Abstract: This procedure is an SVM mode routine that is called to 
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gracefully terminate the processing associated witr, me 
Hydraulic System Partition. 


Wa r n i r.g s : Nc'r.e . 


Ada Unit 62 Hydraulic_System_Partition.Update_Hydraulic_Syatem Separate Procedure 

separate ; Hyd r a u 1 i c _S y s t e m_F a r c i c i o n } 

procedure Update_Hydraul ic_System is 
teg in 

-- Process Mailbox commands 
P recess _Ma i 1 box; 

-- Read inpuc messages 
Update_Inputs; 

Update Pressurization Components (reservoir, drive units, pumps, etc) 

Update_Press ^Components ; 

update Supply Components (valves, distribution plumbing, etc) 
Update_Supply_Components ; 

-- Set Output messages 
'Jpdate — Output s ; 
end Update_Hydraul ic_Sys tem; 

— ! Abstract: This procedure performs the update of the Hydraulic 
--] System Partition 

--I Warnings: None. 


Ada Unit 63 Hydraulic_System_Partition.Update Jnputa Separate Procedure 

separate ( Hydraul ic_3ystem_Part it ion) 

procedure Upda te_lnputs is 

begin 

-- This routine gets the input messages 

Message .One_To_Many . Get (In_Msg_Id => Elec_Pwr_Msg_Id); 

Message . Cne_To_Many . Get (In_Msg_Id => Sys_l_Motor_Cmd_Msg_Id) ; 

Message .One JTo_Many. Get (In_Msg_Id => 5ys_2_Mo tor_Cmd_Msg_Id) ; 

Message. One _To_Many. Get (In_Msg_Id => Sys_l_Valve_Cmd_Msg_Id); 

Message. One_To_Many. Get (In_Msg_Id => Sys_2_Val ve_Cmd_Msg_Id) ; 

— Determine total flow rates consumed and returned by hyd components 

Tot_Pre9S_Plow (Oct.Sys_l) : = 0.0; 

Tot_Press_Plow (Oct.Sys_2) := 0.0; 

To t_Re turn_F low (Oct.Sys_l) : = 0.0; 

Tot_Return_Flow (Oct.5ys_2) := 0.0; 

for I in 1 .. Message . Many _To_One .Number_Of_Msgs_To_Get 

( I n_Msg_Id => Sys_l_Flow_Msg_td) loop 

Message . Many_To_One . Get (In_Msg_Id => Sys_l_Flow_Msg_Id) ; 

Tot _Press_Flow (Oct.Sys_l) := 

Tot_Press_Flow (Oct.Sys_l) * Sys_l_Flow_Msg . Press_Flow; 

Tot_Return_Flow (Oct.Sys_l) ;= 

Tot_Press_Flow (Oct.Sys_l) ♦ Sys_l_Flow_Msg . Return_Plow; 
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end loop; 

for ! in 1 .. Message .Many _To_3r.e . \*urr:er_2 : _Msgs J?c _3et 

k In_Msg_!i => 3ys_2_?l ow_Msg_ld: leap 

Me s s age . Ma ny _C -> _Gr.e . 3e c . - n_Msg_ . c - > . :w_Ms ^.1 ; 

?o~ _? :ess_r. c-w ,Cct.3ys_2) : = 

Toc_?ress_r low (Cct.Sys_2) * 3ys_2 _Flow_Msg . ?ress_?l :w; 

Toc_Rer urr._: l:w 11c : . 3ys_2 ) : = 

Toe press _? low ' Cct . 3ys_2 ) - 3ys_2_Flow_Msg .Return.? low; 

end loop; 

end r Jpca te_I npuc s r 



— ! 

— 1 

Abstract ; 

This procedure updates the inputs to the Hydraulic 
System Partition 

-- [ 

Warnings : 

None . 


Ada Unit 64 Hydraulic_System_Partition.Update_Outputa Separata Procedure 

separate ( Hydraul ic^Sys tem_Par c i cion) 


procedure UpdatejDutputs is 
begin 

— Set Circuit breaker id for 

Cb_1021_001_Load_Msg.Cb : = 
Cb_102 l_002_Load_Msg . Cb := 
Cb_l 0 2 1 _0 0 3 _Load_Msg . Cb : = 
Cb_l 02 l_004_Load_Msg . Cb : = 
Cb_1022_G01_Load_Msg . Cb := 
CbJ.022_002_Load_Msg.Cb 
Cb J02 3_001_Loaa_Msg . Cb : = 
Cb_1023_002 _Load_Msg .Cb : = 


each load message 

Elec_Sys_Int fc_De£s . Cb _102 1_001 
Elec_Sys_Int fc_Defs ,CbJ021_002 
Elec_Sys_Int fc_Defs . Cb J 02l_Q03 
Elec_Sys_Int fc_Def s .Cb_1021_004 
Eiec_Sys_Int fc_Defs .Cb J022_001 
Elec_Sys Jnt fc_Defs .Cb_1022_002 
Elec_Sys Jnt fc_Def s . CbJ02 3_Q01 
Elec_Sys Jnt fc_Defs . Cb _1 023_002 


— Set elec load values for components. 


Cb J02I_00i_Load_Msg. Load 

Drive _Unit_Class . Elec_Load (Qrive_Unit (Oct . SysJ) ) ; 

Cb j02i_002_Load_Msg . Load : — 

Dri ve_Unit_Class . Elec J.oad (Drive JJnit (Oct . Sys_2 ) ) ; 

if Motor_Relay_Power (Oct. SysJ) = Set. On then 

Cb _l021_003_Load_Msg . Load := 0.5; 


else 

CbJ021J)03_Load_Msg.Load := 0.0; 
end if; 

if Motor _Relay_Power (Oct. SysJ) = Set.Cn then 
Cb J021_OO4_Load_Msg .Load := 0.5; 
else 

Cb_102 1_004 _Load_Msg . Load : = 0.0; 


end i f ; 

Cb J022J01 Joad_Msg . Load : = 

Val ve_Class . Elect rical_Load (Iso_Vlv {Oct .Sys_l } ) ; 

Cb _1 022 _002 Joad_Msg . Load : = 

Val vejClass . Elec trical_Load (Iso_Vlv (Oct . Sys_2 ) ) ; 

CbJ02 3_001_Load_Msg . Load := 

Pressure_3enso r_Class . Elec_Load ( Press_Sensor ^ Oct. SysJ}) * 
Pressure_Sensor_Class . Elec Joad ( Press_Sensor (Oct . Sys_2 ) ) ; 
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rb_:;23_0C2_Lcad_Msg.^:ad := Guar.c i ^/jer.scrjlass . Elec_lcad ' qty_Ser.scr) ; 
-- ~ec system pressure 'actual , net ser.seu tor use by nya components 
Sys_l_?ress_Msg . Press : - 

C iscribuc ion_Syscem_Class . Sysrem_? res sure (Disc.Sys (Cct.Sys _1) ; ; 
c’/5_2_Fress_Msg . Press : = 

:: 5 :r:bu:ionJys:e.Ti_:Uss.SyscemJressure (Disc_Sys (Oct . Sys_2 } ; ; 

Sec sy s c err: cress u re ' sensed, 1 for output Co hydraulic control pa r.e 1 

Hyd_Sys_Indt cat o r_Msg . 5ys_L _?ress_I nd i cared : - 

F ressure_3ecsor_ri3ss . Sensed_Oucpuc ( Press_Sensor (Oct.Sys_l;) ; 

Hyd_Sys_I ndicato r_Msg . Sys_2_Pres syndicated : - 

Pressure_Sensor_Ciass .Sensed jDucpuc { Press_Sensor (Oct.Sys_l)) ; 

— Sec sensed quantity value for output co hyd control panel 

Hyd_Sys_Indicator_Msg . Sys _Qty_Indicaced ; = 

Quanc i ty_Sensor_Class . Sensed jDucput (Qty_Sensor) ; 

-- Sec isolation valve position discretes for output to Hyd Control Panel 

5ys_l_Stat us_Msg . Val ve_Sensed_Noc_Full_Open : = 

not ( Val ve_C lass . Ful l_Cpen (Iso_Vlv (Oct . Sys_l } } ) ; 

Sys_i_Status_Msg . Val ve_Sensed_Not_Ful l^Closed : = 

(Val ve_Class . Fuil_Closed (Iso_Vlv (Oct . Sys_l ) ) ) ; 

Sys_2_3catus_Msg . Val ve_Sensed_Not__Ful l_Open : - 
( Val ve_C lass . Ful l_Cpen (Iso_Vlv (Oc t . Sys_2 ) ) ) ; 

Sys_2 _Status_Msg . Val ve_Sensed_Not_Ful Inclosed : = 

{ Valve_Class . PuiljOlosed (Iso_Vlv {Occ . Sys J2) ) ) ; 

Set motor and pump status discretes for output to hyd control panel 

Sys_l_Status_Msg . Motor_Status Motor_Status (Oct.Sys_l); 
Sys_l_Status_Msg . Pump_Stat us := Pump_Stacus (Oct.Sys_ 1] ; 

Sys_2_Status_Msg . Motor_Status := Motor_Status (0ct.Sys_2); 
Sys_2_3tatus_Msg. Pump_Status := Pump_Status (0ct.Sys_2); 

-- Set Discretes for output to aural cue (sound) system 

Aural_Cue_Msg . Pump_Noi se_Sys_l := Pump_Status (Oct.Sys_l); 
Aural_Cue_Msg.Fump_Noise_Sys_2 := Pump_Status (0ct.Sys_2); 

Aural j3ue_Msg.Mocor_Noise_Sys_l := Mocor_Status (Oct.Sys_l); 
Aural_Cue_Msg.Mocor_Noise_Sys_2 := Mocor_Status (0ct.Sys_2); 


-- Put messages 

Message . Many_.To._One . Put 
Message . Many_To_One . Put 
Message . Many_To_One . Put 
Message . Many_To_One . Put 
Message .Many _To_One . Put 
Message . HanyJTojDne . Put 
Message . M»nyJTo_One . Put 
Message . Many_To_One . Put 
Message .One_To_Many. Put 
Message . One_To_Many . Put 
Message . One_To_Many . Put 
Message . One_To_Many . Put 
Message . 0ne_To_Many . Put 
Message . One_To_Many . Put 
end Updace_Outputs; 


(0ut_Msg_Id 

(0ut_Msg_Id 

(0ut_Msg_Id 

(Ouc_Msg_Id 

(Out_Msg_Id 

(Out_Msg_Id 

(Out_Msg_Id 

(Out_Msg_Id 

(0ut_Msg_Id 

(Out_Msg_Id 

(Out_Msg_Id 

(0ut_Msg_Id 

(0ut_Msg_Id 

(Out_Msg_Id 


=> Cb_1021_001_Load_Msg_Id) ; 
-> Cb_1021_002_Load_Msg_Id) ; 
=> Cb_1021_003_Load_Msg_Id) ; 

= > C b_l 0 2 1 _0 0 4 _Load_Msg_I d ) ; 
=> Cb_1022_001_Load_Msg_Id) ; 
=> Cb_1022 _002_Load_Msg_Id) ; 
=> Cb_l023_001_Load_Msg_Id) ; 

= > Cb_l 02 3 _0 02 _Load_Msg_Id) ; 
=> Aural_Cue_Msg_Id) ; 

-> Sys_l_Press_Msg_Id) ; 

=> Sys_2_Press_Msg_Id) ; 

=> Sys_l_Status_Msg_Id) ; 

=> Sys_2_Status_Msg_Id) ; 

- > Hyd_Sys_Indicator_Msg_Id) ; 


--I Abstract: This procedure updates the outputs of the Hydraulic 
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System 

Warnings: None. 


Ada Un't 65 Hydraulic System.Partltion.Update_Prasa_Componedta Separat* Procedure 

, * -arcLtion; 

_ - _ i uyn '■au. - - jys.e 
separate k . — 



a*. 

Quantity_Sensor_Cla.s. Update 

(Instance => Qty.Sensor, 

Power.Avail => Int£c De fs .Cb_1023_002) . Power = Set -On) . 

Sensed” Input^=> " Hydl.Reservoi r_Class -Quantity C^setvoir, , , 

s « and P»«<= f " “~””“ ciia . 

c vs i Motor.Cmd.Msg.Mocor.Cmd, 

TtorlcS IS :Kj) *•- SyO^tor.Cmd.Msg.Hotor.Cnrf; __ 

• Cb - 1021 - 0011 • voUage; 
-^!^^^-^nt^ £ s.C b .i0 2 i : 00 2 ,Vo 1 ta g e ; 

Motor_Reiay_Power (Oct.Sy.-U :» fc.Oefs .Cb_1021_003 ! . Power : 

Mo tor .Relay .Power ( 0 ct.Sy._ 2 ) - ^^li^Intfc^efs ,C b _l021_004) . Power; 

for Sys_lndex in Oct.Sys_l.Sys 2 loop ^ commanded of f, set motor power 

- f o e ^ r £ ela ThrsTepiace O . C reUyi 02 i -001 and relay. 1021 . 002 . 

CO if 0 (M°tor_Relay Power (Sys Index) - /== Set^On, or 
(Motor.Cmd (Sys .Index) /- set.u 

Mocor.Power (Sys .Index) ■ = °* 0 ' 

end if; 

_ Update Dri*» Unit and sec motor status discret 

Dr iv_0nit Class ^Update (Sys _ Index , , 

‘JST Tower :> M^corlPower (Sys_Index, . 

Delta_Time >» ^^Pump.Class .Torque (Pump (Sys.IndexU ) • 

Motor.Stacus (Sys_Index) : = Set. On, 
else 

Motor_Status (Sys.Index) := set.O 
Sr ' d l?: „ , m rad/sec to revs/min for IOS display 

— Convert drive unit spee ro 5493 . Drive.Unit.Class . Shaft.Speed 

Motor.Speed (Sys.Index) n Seu.Rpm - (Drive.Unit (Sys .Index) )) . 
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fump and sec pump status. 


Hyd r a u 1 i c _?ump _7 1 a s s . V pda c e 

Instance*. => Pump 'Sys_Index; , 

IeIca_Time => D e I c a _T i me , 

FIuid_AvaiI _ > Hyd_Reservc i r_CIass . F I uid_Ava 1 1 [Reservoir), 
3hafc_Dpr-d -> Drive _Unit_Class ,3ha:c_3peed (DriveJJnic ( 3ys_Index) ) , 
System.? res sure => Discribuc ion_3ystem_Class . System.? res sure 
(Dist.Sys (Sys.Index) ) ; 

lC Hydraui i c.Pump.SLass . Pump_Cn (Pump (Sys.Index) J Chen 
?ump_S c a c us Sys _I nde x } : = Sec . On; 

e ise 

Pump .Status (3ys_Index) := Sec. Off; 
end if; 
end loop; 

end Update.Press.Componencs ; 


i Abstract: This procedure updaces che fluid pressurization 

__ | componencs of che Hydraulic Syscem Partition. 

-- i 

--I Warnings: None. 


Ada Unit 66 Hydraulic_Syatem_Partitlon.Update_Supply .Components Separata Procedure 

separate ( Hydraui ic_3ys terrt__Par t i t ion) 
procedure Update_Suppiy_Components is 


begin 


-- Set Valve signals and power 

Iso.Val ve.Power (Oct.Sys.l) := Elec_Pwr_Msg . Cb 

( Elec.Sys.Int fc.Defs .Cb.l 02 2.001} .Voltage; 

Iso.Val ve.Power 'Cct.Sys_2) : = Elec_Pwr_Msg . Cb 

(Elec.Sys.Int fc.Defs .Cb_1022_002} .Voltage; 


VI v.Close.Cmd (Oct.Sys.l) 
VI v.Open.Cmd (Gcc.Sys.i) 

VI v_Close_Cmd (Occ . 5ys_2 } 
VI v.Open.Cmd (Cct.Sys.2) 


Sys.l.Val ve_Cmd_Msg . VI v_Close_Cmd; 
Sys_l _Va 1 ve _C md .Ms g . VI v_Ope n.C md ; 

S y s _ 2 _ Va 1 ve _C md _Ms g . V 1 v.C 1 o s e .C md ; 
S y s _2 _Va 1 ve _C md .Ms g . VI v_Open_C md ; 


for Sys.Index in Oct . Sys_l_Sys_2 loop 


-- Update Isolation Valve 

Val ve.Class . Update (Instance => Iso.Vlv (Sys.Index) , 

Close_Cmd => VI v_Close_Cmd (Sys_Index) , 

Open_Cmd => VI v.Open.Cmd (Sys.Index), 

Pressure => Dist ribut ion.Syscem.Class . Syscem.Pressure 
(Dist.Sys (Sys_Index) ) , 

Power => Iso.Val ve.Power (Sys.Index) , 

Flow_Race => Hydraui ic.Pump.Class . Outpuc.Flow 
(Pump (Sys_Index) ) ) ; 

Update distribution syscem (plumbing that connects components) 

Di stribut ion.Syscem.Class .Update 

(Instance => Dist.Sys (Sys_Index) , 

De 1 1 a _T i me => Delta.Time, 

Consumed_Flow => Tot.Press.Flow (Sys_Index), 

Supply_Flow => Val ve_Class . Flow.Rate (Iso.Vlv (Sys.Index))); 


-- Update pressure sensor 

Pressure_Sensor_Class . Update 

(Instance => Press_Sensor (Sys.Index), 

Power.Avail => 

( Elec_Pwr_Msg . Cb (Elec _Sys_Intfo_Defs .Cb_1023_001) -Power = Set. On), 
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Ada Unit 67 Orvc_Common .Types Package Specification 

ca.;.<a:e 0 r vc _C o mmc n _7yp e s Is 

- yp e 5ys_l_3y*_2 \.'j [ 3ys_l , 3ys_2) ; 
type ^ r. _ D f f is ‘ Cn, OzZt ; 


Similar to Std_£ng_Types, 
but applies to a particular 
subsystem. 


mon_7ype^ 


Arse race: This package provides ehe common daca types used by the 
partitions of ehe OR VC. 

i 

— Warnings: None. 


Ada Unit 68 Orvc_Defs Package Specification , 

with D i s ; 

with Orvc_Common_Types ; 

package Orvc_Defs is 

-- The cop-level 'Component _IDs' in Che ORVC system 

Aural_Cue : conscanc Dis . Component_Id := # — 

Dis . Register .Component ( Dis . Nul l.Component , 'Aural.cue', Prefix => True); 

Hydraul ic_Conc rol_Panel : constant Dis .Component.Id := 

Dis . Regis ter.Componenc {Dis . Nul l.Component , 'Hydraul ic_Control_Panel • , Prefix => True); 

Cont rol.Surfaces : constant Dis .Component .Id := 

Dis .Register_Component ( Dis . Null .Component , 'Control.Surfaces' , Prefix => True) ; 

Eleccrical.System : constant Dis . Component _Id := 

Dis .Register ^Component (Dis .Null .Component, 'Eleccrical.System' , Prefix => True); 

Hydraulic.System : constant Dis .Component_Id := 

Dis. Reg is ter. Component ( Dis . Null ..Component , 'Hydraulic.System*, Prefix => True) ; 

Landing_Gear : constant Dis . Component. Id := 

Dis . Regis ter.Component (Dis . Null. Component , ■ Landing .Gear ' , Prefix = > True); 


Top-Level partitions 


Orvc.Defs is like SSVTF's 
SSTF.Defs package 


Session_Manager : constant Dis . Component. Id : = 

Dis . Regis ter.Component {Dis . Nul 1 ..Component r 'Session.Manager ' , Prefix 


Real_6 : constant DIs.Type.Id : = 

Dis . Regi ster.Type (Dis . Null. Component , 'Real_6', Dis . Float.Tag) ; 


Real_15 : constant Dis.Type_Id 

Dis . Register_Type (Dis . Null .Component , 'Real_15*, Dis . Double.Tag) ; 
package 0_G is new Dis . Enum.Func tions (Orvc_Common_Types.On.Off); 


On.Gf f .Type .Id : constant Dis.Type_Id : = 

Dis . Regiscer.Type (Parent => Orvc _Def s . Hydraul ic.System, 

Name => 'On.Off', 

The_Tag => Dis . Enum.Tag, 

Size ~> 0.0. Size, 

Labels => 0.0. Labels); 


True) ; 

Dis versions of standard 

types 


end Orvc.Defe; 


--I Abstract: This package contains the DIS definitions for the ORVC. 

— I 

--I Warnings: None. 


Ada Unit 69 Hydraulic_System_Dafs Package Specification 

with Dis; 

with Orvc.Defs; 

with Orvc_Common_Types ; 

package Hydraulic.Syscem.Defs is 


-- Define and Register Types 
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package 5 ys_l_2 

Founds _?er_3q_I 
Dis . Register_ 


s new D;s . Snum_Funct ions 'Crvc jComjncnJTypes . 3ys_l 
: constant 3is.?ype_Id := 

xe (Parent => 0rvc_3e ts . Hrdraul -C_5ystem, 

Nair.e => * Fcur.ds_?er_Sq_In* , 

TheJTag => Dis . Float JTag, 

'-Ow_3ound => '0.3*, 


_3ys_2 ) ; 


Hugh_Eound => *340.3*); 


Data types used in 
definitions package 


-- Register Terns 


Mccor_l_Cn_Of f : constant Dis.Term_Id : = 

Dis . Register _Term (Parent => Orvc .Defs . Hydraulic.System, 
Name => 'Mo cor_ l_Cn_Of t ' , 

The_?ype => Orvc^Defs .On_Of f JType_Id, 
Users => (1 => Dis.Look)); 

Mo t o r _2 _0n_0 f f ; constant Dis.Term_Id : = 

Dis . Regis cer.Term (Parent => Orvc_Defs . Hydraulic ^System, 
Name => 'Motor_2_OnjDf f ' , 

The_Type => Orvc_Defs . On_Of f _Type_Id, 
Users => (i -> Dis.Look)); 

Motor_l_Rpm : constant Dis.Term_Id :: 

Dis . RegisterJTerm (Parent => Cr ■ * :_Def s . Hydraulic_System, 
Name -> 'Mo tor_l_RPM* , 

ThejType => Orvc_Defs . Realms , 

Users => (1 => Dis.Look)); 

Mocor_2_Rpm : constant Dis.Term_Id := 

Dis . Regis ter JTerm (Parent => Orvc_De£s . Hydraulic jSystem, 
Name => 'Motor_2_RPM' , 

ThejType => Orvc_Def s . Real_6 , 

Users => (1 => Dis.Look)); 

Fluid_Level : constant Dis.Term_Id := 

Dis , RegisterJTerm (Parent => Orvc_Defs . Hydraulic_System, 
Name => 'Fluid_Level * , 

ThejType => Orvc_Def s .Real_6 
Users x> (1 => Dis . Look_Enter) ) ; 

Pressure_Sys_l : constant Dis.Term_Id ;= 

Dis . RegisterJTerm (Parent => Orvc_Defs . Hydraul ic jSystem, 
Name => • Pressure jSys_l * , 

The_Type => Pounds_Per_Sq_In, 

Users => (1 => Dis.Look)); 

Pressure_Sys_2 : constant Dis.Term_Id := 

Dis . RegisterJTerm (Parent = > Orvc_Def s . Hydraulic _System, 
Name. => * Pressure_Sys_2 * , 

ThejType => Pounds_Per_Sq_In, 

Users => (1 ~> Dis.Look)}; 

Flow_Pump_l : constant Dis.Term_Id : = 

Dis. RegisterJTerm (Parent => Orvc_Defs . Hydraulic ^System, 
Name => 'FloWjPump__l ' , 

ThejType => Orvc_Defs . Real _6 , 

Users => (I => Dis . Look_Enter) ) ; 

FloWjPunrp_2 : constant Dis.Term_Id : - 

Dis . Regis ter _Term (Parent => Orvc_Defs . Hydraulic _System, 
Name => 'Flow_Pump_2 ' , 

ThejType => Orvc_Defs .Real _6 , 

Users => (1 => Dis . Look_Enter ) ) ; 

Iso_Val ve_5ys_l : constant Dis.Term_Id ; = 

Dis .Regiscer_Term (Parent => Orvc_Def s . Hydraulic ^System, 
Name => *Iso_Val ve_Sys_l * , 

ThejType => OrvcJDef s . Real .6 , 

Users => (1 => Dis.Look)); 

IsOjVal ve_Sys_2 ; constant Dis.Term_Id :s 

Dis . Regi sterJTerm (Parent => Orvc_Defs . Hydraul ic_System, 


Register I OS *T_ook 
only" term. 


Register IOS 
Look/Enter term 
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Name = > * I s o _Va 1 ve _3 y s _2 " - 

The_Type => Orvc_^efs . Real_5 , 
Users - > [I => 3 i S . c " < ; 


Register Malfunctions 


?urrp_Nc _Flow : constant 3 
Dis . Register _Ma 1 rune tio 


is .Mai func 
r. (Parent 
Name 
Length 
Labels 


On_Id := 

= > Orvc_Defs . Hydra; 
= > * Pump _Nc_r low' , 

= > 2 , 


em, 

Register malfunction 


with no parameters. 






P r e s s _C o mp _ F a 1 1 : constant 

Dis - Regi s ter _Mal function 


Dis . Mai 
( Parent 
Name 
Length 
Labels 


functioned : = 

= > Orvc_Def s . Hydraul ic_Sy scerT L 
= > *Pressure_Conrp_Pail* , 

= > 2 , 

= > Sys_l _2 .Labels) ; 


lso_yalve_Freeze : constant 
Dis .Regis ter _Mal function 


Dis .Mai functioned : = 

(Parent => Orvc_Defs . Hydraul ic_Sys cerf L 

Name => 'Iso_Val ve_Freeze' » 

Length => 2 , 

Labels => Sys_l_ 2 . Labels) ; 


Pressure_ 5 ensor_Fail : constant Dis . Mai functioned 


Dis . Regis ter_Mal function 


( Parent 
Name 
Length 
Labels . 
Pl_Name 
Pl_Low => 
Pl_High => 

Pieype => 

P2_Nafte => 
P 2 _Low => 
P 2 _High => 
P2eype => 


Orvc_Def s . Hydraul ic_System, 

* Pressure_S®nsor_Fai 1 * , 

2 , 

Sys_ie . Labels, 

•Scale* , 

0 . 0 , 

5 . 0 , 

Orvc_C®fs . Real_6 
•Offset* , 

- 4000 . 0 , 

4000 . 0 , 

Orvc_D©f s . Real__6 ) ; 


Motor_ 2 ero_Rpn : constant Dis .Mai func tion_Id := 

Dis .Register_Ma! function (Parent => OrvcJDefs .Hydraulic_System, 

Name => *Motor_Ze ro _ RPM ' » 

Length => 2 , 

Labels => Syse -2 .Labels) ? 


Dist_Sys_Leak . constant Dis .Malfunctioned 
Dis . Reg is ter _Ma If unction 


( Parent 
Name 
Length 
Labels 
Pl_Name 
Pl_Low 
Pl_High 
PI Type 


Orvc_Def s . Hydraul ic_System, 
r Dist_Syseeaic* , 

2 , 


= > 

= > 

=> 

=> Sys_ie • Labels , 

=> 'LeaJcJate.GPM*, 
r> 0.0, 

= > 5 . 0 , 

=> Orvc Def s . Reai__ 6 ) ; 


Register mdiinction 
with parameters. 


end Hydraul ic_Syetem_Defs; 


I Abstracts This package contains the Hydraulic System DIS 

— I definitions. 

— I 

— 1 Warnings: None. 
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